From 1cdb9d106b5d3df0c46a751dca2e7b7ab8e42c90 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Wed, 1 Jan 2020 00:00:00 +0100 Subject: Set up the project infrastructure --- src/scm/webid-oidc/ChangeLog | 124 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 src/scm/webid-oidc/ChangeLog (limited to 'src/scm') diff --git a/src/scm/webid-oidc/ChangeLog b/src/scm/webid-oidc/ChangeLog new file mode 100644 index 0000000..1223e69 --- /dev/null +++ b/src/scm/webid-oidc/ChangeLog 
@@ -0,0 +1,124 @@ +2021-04-30 Vivien Kraus + + * reverse-proxy.scm (make-reverse-proxy): Make the auth header + lowercase, so that all capitalizations of that header in the + incoming requests are dropped. + +2021-04-26 Vivien Kraus + + * identity-provider.scm (make-identity-provider): while saving the + key to file, close the port so that it gets flushed. + +2021-04-22 Vivien Kraus + + * oidc-configuration.scm (get-oidc-configuration): accept hosts as + URIs (discard everything but the host). + + * token-endpoint.scm (make-token-endpoint): use (webid-oidc + oidc-id-token) to issue the ID token. + + * oidc-id-token.scm (issue-id-token): fix function. + (id-token-payload?): now the std uses a "webid" claim for the + webid of the user, fix that. + + * token-endpoint.scm (make-token-endpoint): also return the ID + token. + + * oidc-id-token.scm (id-token-decode): this function still used a + cache and current-time arguments. + +2021-03-30 Vivien Kraus + + * hello-world.scm (webid-oidc): remove the hello world. + + * resource.scm: don’t provide a Linked Data Platform + implementation here. + + * resource-server.scm (make-authenticator): The server’s public + URI is now exported, so you don’t rely on the Host header anymore. + + * dpop-proof.scm (uris-compatible): Check decoded paths, so if + some characters are encoded they are equal to their decoded + counterparts. + +2021-03-13 Vivien Kraus + + * resource.scm (default-root-acl): The root authorization + statements need not be inherited, they are by default. + +2021-02-27 Vivien Kraus + + * hello-world.scm (main): Use an explicit caching and loggin + http-get. + (main): Add a content-type to the “unauthorized” response. + + * resource-server.scm (make-authenticator): http-get and + current-time are now authenticator parameters, not request + parameters. + + * provider-confirmation.scm (get-provider-confirmations): Don't + try to cache. 
+ + * identity-provider.scm (make-identity-provider): The identity + provider only uses the cache through the http-get argument. + (main): Use a caching http-get. + + * token-endpoint.scm (make-token-endpoint): make the current-time + argument an endpoint parameter, not a handler parameter. + + * authorization-endpoint.scm (make-authorization-endpoint): No + need for an explicit cache, since we have http-get. + (make-authorization-endpoint): Pass current-time as an endpoint + parameter, not a handler parameter, because it should be + synchronized with that of the internal http-get with cache. + (make-authorization-endpoint): get-client-manifest is simpler. + + * client-manifest.scm (get-client-manifest): Same simplification + as for get-jwks. + + * oidc-configuration.scm (get-oidc-configuration): Same + siplifications as for get-jwks. + + * jwk.scm (get-jwks): Simplification, the cache is managed through + the http-get argument. + + * Makefile.am (dist_webidoidcmod_DATA): Use the new guile web-client with cache + +2021-02-17 Vivien Kraus + + * authorization-page.scm (with-locale): Avoid deadlock when + setlocale throws. + +2021-02-07 Vivien Kraus + + * authorization-endpoint.scm (make-authorization-endpoint): use + the new modules. + + * Makefile.am (webidoidcgo_DATA): compile the new modules to + generate the authorization pages. + + * Makefile.am (dist_webidoidcmod_DATA): distribute the new modules + to generate the authorization pages. + + * authorization-page.scm: wrapper of the unsafe module in a + thread-safe fashion. + + * authorization-page-unsafe.scm: new module. + + * dpop-proof.scm (uris-compatible): Also check userinfo for + equality. + +2020-12-05 Vivien Kraus + + * dpop-proof.scm (dpop-proof-decode): Accept a predicate to decode + a dpop proof, so that we can use it for the token endpoint. + +2020-12-02 Vivien Kraus + + * jws.scm (jws-decode): In order to verify OIDC ID tokens, the key + lookup function now takes a full JWS and not only the header. 
+ +2020-11-29 Vivien Kraus + + * jws.scm (jws-decode): The JWS can be verified using a JWKS or multiple keys. + -- cgit v1.2.3
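Review bot: The entries added to src/scm/webid-oidc/ChangeLog are dated 2020-11-29 through 2021-04-30, while the commit header is dated Wed, 1 Jan 2020 and the subject "Set up the project infrastructure" does not mention a ChangeLog; the commit message should say that this file records later changes, or each entry should go in with the commit it describes. Two typos in the 2021-02-27 block should be fixed: "loggin" in the hello-world.scm (main) entry and "siplifications" in the oidc-configuration.scm (get-oidc-configuration) entry. The security-relevant entries would also be easier to audit with more detail: the 2021-04-30 reverse-proxy.scm (make-reverse-proxy) entry should name the auth header that is dropped from incoming requests, and the 2021-03-30 dpop-proof.scm (uris-compatible) entry should state whether an encoded path separator is also treated as equal to its decoded form, since the entry only says "some characters".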