path: root/doc/webid-oidc.texi

\input texinfo @c -*-texinfo-*-
@comment $Id@w{$}
@documentlanguage en
@comment %**start of header
@include version.texi
@settitle Webid-oidc manual
@syncodeindex pg cp
@syncodeindex fn cp
@syncodeindex vr cp
@syncodeindex tp cp
@comment %**end of header

@copying
This is the manual of webid-oidc (version @value{VERSION}, @value{UPDATED}), an implementation of the Solid authentication protocol for guile, client and server.

Copyright @copyright{} 2020, 2021 Vivien Kraus
@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts. A copy of the license is included in the section entitled ``GNU
Free Documentation License''
@end quotation
@end copying

@dircategory Software libraries

@direntry
* webid-oidc: (webid-oidc)Decentralized Authentication on the Web.
@end direntry

@titlepage
@title Webid-oidc manual
@subtitle for version @value{VERSION}, @value{UPDATED}
@author Vivien Kraus (@email{vivien@@planete-kraus.eu})
@page
@vskip 0pt plus 1fill
@insertcopying
@end titlepage

@contents
@ifnottex
@node Top
@top Webid-oidc
@end ifnottex

@menu
* Decentralized Authentication on the Web::
* The Json Web Token::
* Caching on server side::
* Running an Identity Provider::
* Running a Resource Server::
* Exceptional conditions::
* GNU Free Documentation License::
* Index::
@end menu

@node Decentralized Authentication on the Web
@chapter Decentralized Authentication on the Web

Authentication on the web is currently handled in the following way:
anyone can install a server that will authenticate users on the
web. The problem is interoperability. If a client (an application)
wants to authenticate a user, it has to be approved by the
authentication server. In other words, if @var{useful-program} wants
to authenticate @var{MegaCorp} users, then @var{useful-program} has to
register to @var{MegaCorp} first, and get approved. This goes against
the principle of permission-less innovation, which is at the heart of
the web.

In the decentralized authentication web, the best attempt so far is
that of ActivityPub. All servers are interoperable with respect to
authentication: if user A emits an activity, it is forwarded by A's
server to its recipients, and A's server is responsible for A's
identity.

The problem with that approach is that the data is tied to the
application. It is not possible to use another application to process
the data differently, or to use multiple data sources, in an
interoperable way (without the ActivityPub server knowing). This means
that on Activitypub, microblogging applications will not present
different activities correctly. This also means that it is difficult
to write a free replacement to a non-free application program, because
it would need to manage the data.

In the Solid ecosystem, there is a clear distinction between servers
and applications. An application is free to read data from all places
at the same time, using a permission-less authentication system. Since
the applications do not need to store data, the cost of having users
is neglectible, so users do not need prior approval before using them
(making captchas and the like a thing of the past). Servers do not
have a say in which applications the user uses.

The authentication used is a slight modification of the
well-established OpenID Connect. It is intended to work in a web
browser, but this package demonstrates that it also works without a
web browser.

@node The Json Web Token
@chapter The Json Web Token

The Json Web Token, or @dfn{JWT}, is a terse representation of a pair
of JSON objects: the @dfn{header}, and the @dfn{payload}. The JWT can
be @dfn{encoded} as a Json Web Signature (@dfn{JWS}), in which case
the header is encoded to base64 with the URL alphabet, and without
padding characters, the payload is also encoded to base64, and the
concatenation of the encoding of the header, a dot, and the encoding
of the payload is signed with some cryptography algorithm. In the
following, we will only be interested by public-key cryptography. The
concatenation of header, dot, payload, dot and signature in base64 is
the encoding of the JWT.

Decoded JWT are represented as a pair. The car of the pair is the
header, and the cdr is the payload. Both the header and the payload
use the JSON representation from srfi-180: objects are alists of
@strong{symbols} to values, arrays are vectors. It is unfortunate that
guile-json has a slightly different representation, where alist keys
are @emph{strings}, but we hope that in the future SRFI-180 will be
more closely respected.

@menu
* The ID token::
* The access token::
* The DPoP proof::
* Generic JWTs::
@end menu

@node The ID token
@section The ID token

The ID token is a special JWT that the application keeps for
itself. It is signed by the identity provider, and contains the
following claims:

@table @emph
@item webid
the URI of the user’s webid;
@item iss
the URI of the identity provider (issuer);
@item sub
the username (the webid-oidc issuer puts the webid again here, but it
could be any string);
@item aud
the ID of the client application that is intended to receive the ID
token;
@item nonce
some random data to change the signature;
@item exp
an UTC time (in seconds) for when the token expires;
@item iat
the time when it was issued.
@end table

There are functions to work with ID tokens in
@emph{(webid-oidc oidc-id-token)}.

@deffn function id-token? @var{object}
Check that @var{object} is a decoded ID token.
@end deffn

The following helper functions convert URIs to the URIs from
@emph{(web uri)} and times to @emph{(srfi srfi-19)} dates.

@deffn function id-token-webid @var{token}
@deffnx function id-token-iss @var{token}
@deffnx function id-token-sub @var{token}
@deffnx function id-token-aud @var{token}
@deffnx function id-token-nonce @var{token}
@deffnx function id-token-exp @var{token}
@deffnx function id-token-iat @var{token}
Get the suitable field from the payload of @var{token}.
@end deffn

ID tokens can be signed and encoded as a string, or decoded.

@deffn function id-token-decode @var{token} @var{[#http-get]}
Decode @var{token}, as a string, into a decoded token. The signature
verification will need to fetch the oidc configuration of the claimed
issuer, and check the signature against the published keys. The
@code{http-get} optional keyword argument can set a different
implementation of @code{http-get} from @emph{(web client)}. Return
@code{#f} if it failed, or the decoded token otherwise.
@end deffn

@deffn function id-token-encode @var{token} @var{key}
Encode @var{token} and sign it with the issuer’s @var{key}.
@end deffn

@deffn function issue-id-token @var{issuer-key} @var{#alg} @var{#webid} @var{#iss} @var{#sub} @var{#aud} @var{#exp} @var{#iat}
Create an ID token, and encode it with @var{issuer-key}.
@end deffn

@node The access token
@section The access token

The access token is obtained by the client through a token request,
and is presented to the server on each authenticated request. It is
signed by the identity provider, and it contains enough information so
that the server knows who the user is and who the agent is, and most
importantly the fingerprint of the key that the client should use in a
DPoP proof.

The API is defined in @emph{(webid-oidc access-token)}.

@deffn function access-token? @var{object}
Check that @var{object} is a decoded access token.
@end deffn

There are field getters for the access token:

@deffn function access-token-webid @var{token}
@deffnx function access-token-iss @var{token}
@deffnx function access-token-aud @var{token}
@deffnx function access-token-exp @var{token}
@deffnx function access-token-iat @var{token}
@deffnx function access-token-cnf/jkt @var{token}
@deffnx function access-token-client-id @var{token}
Get the suitable field from the payload of @var{token}.
@end deffn

Access tokens can be signed and encoded as a string, or decoded.

@deffn function access-token-decode @var{token} @var{[#http-get]}
Decode @var{token}, as a string, into a decoded token. As with the ID
token, the signature verification will need to fetch the oidc
configuration of the claimed issuer, and check the signature against
the published keys. The @code{http-get} optional keyword argument can
set a different implementation of @code{http-get} from
@emph{(web client)}, for instance to re-use the what has been obtained
by the ID token validation. Return @code{#f} if it failed, or the
decoded token otherwise.
@end deffn

@deffn function access-token-encode @var{token} @var{key}
Encode @var{token} and sign it with the issuer’s @var{key}.
@end deffn

@deffn function issue-access-token @var{issuer-key} @var{#alg} @var{#webid} @var{#iss} @var{#exp} @var{#iat} @var{[#client-key} @var{|} @var{#cnf/jkt]} @var{#client-id}
Create an access token, and encode it with @var{issuer-key}. You can
either set the @code{#:cnf/jkt} keyword argument with the fingerprint
of the client key, or set @code{#:client-key} directly, in which case
the fingerprint will be computed for you.
@end deffn

@node The DPoP proof
@section The DPoP proof

This is a special JWT, that is signed by a key controlled by the
application. The access token certifies that the key used to sign the
proof is approved by the identity provider.

@deffn function dpop-proof? @var{proof}
Check that the @var{proof} is a decoded DPoP proof. The validity of
the proof is not checked by this function.
@end deffn

@deffn function dpop-proof-alg @var{proof}
@deffnx function dpop-proof-jwk @var{proof}
@deffnx function dpop-proof-jti @var{proof}
@deffnx function dpop-proof-htm @var{proof}
@deffnx function dpop-proof-htu @var{proof}
@deffnx function dpop-proof-iat @var{proof}
Get the corresponding field of the proof.
@end deffn

@deffn function dpop-proof-decode @var{current-time} @var{jti-list} @var{method} @var{uri} @var{str} @var{cnf/check}
Check and decode a DPoP proof encoded as @var{str}.

The @var{current-time} is passed as a date, time or number (of
seconds).

In order to prevent replay attacks, each proof has a unique random
string that is remembered in @var{jti-list} until its expiration date
is reached. See the @code{make-jti-list} function.

The proof is limited to the scope of one @var{uri} and one
@var{method} (@code{'GET}, @code{'POST} and so on).

Finally, the key that is used to sign the proof should be confirmed by
the identity provider. To this end, the @var{cnf/check} function is
called with the fingerprint of the key. The function should check that
the fingerprint is OK (return a boolean).
@end deffn

@deffn function make-jti-list
This function in @emph{(webid-oidc jti-list)} creates an in-memory,
async-safe, thread-safe cache for the proof IDs.
@end deffn

@deffn function dpop-proof-encode @var{proof} @var{key}
Encode the proof and sign it with @var{key}. To generate valid proofs,
@var{key} should be the private key corresponding to the @code{jwk}
field of the proof.
@end deffn

@deffn function issue-dpop-proof @var{client-key} @var{#alg} @var{#htm} @var{#htu} @var{#iat}
Create a proof, sign it and encode it with
@var{client-key}. @var{client-key} should contain both the private and
public key, because the public part is written in the proof and the
private part is used to sign it.
@end deffn

@node Generic JWTs
@section Generic JWTs

You can parse generic JWTs signed with JWS with the following
functions from @emph{(webid-oidc jws)}.

@deffn function jws? @var{jwt}
Check that @var{jwt} is a decoded JWT signed with JWS.
@end deffn

@deffn function jws-alg @var{jwt}
Get the algorithm used to sign @var{jwt}.
@end deffn

@deffn function jws-decode @var{str} @var{lookup-keys}
Check and decode a JWT signed with JWS and encoded as @var{str}.

Since the decoding and signature verification happen at the same time
(for user friendliness), the @var{lookup-keys} function is used. It is
passed as arguments the decoded JWT (but the signature is not checked
yet), and it should return a public key, a public key set or a list of
public keys. If the key lookup failed, this function should raise an
exception.
@end deffn

@deffn function jws-encode @var{jwt} @var{key}
Encode the JWT and sign it with @var{key}.
@end deffn

@node Caching on server side
@chapter Caching on server side

Both the identity provider and the resource server need to cache
things. The identity provider will cache application webids, and the
resource server will cache the identity provider keys, for instance.

The solution is to use a file-system cache. Every response (except
those that have a cache-control policy of no-store) are stored to a
sub-directory of @emph{XDG_CACHE_HOME}. Each store has a 5% chance of
triggering a cleanup of the cache. When a cleanup occurs, each cached
response has a 5% chance of being dropped, including responses that
are indicated as valid. This way, a malicious cache response that has
a maliciously long validity will not stay too long in the cache. A log
line will indicate which items are dropped.

The @emph{(webid-oidc cache)} module exports two functions to deal
with the cache.

@deffn function clean-cache @var{[#percents]} @var{[#dir]}
Drop @var{percents}% of the cache right now, in @var{dir} (defaults to
some place within @emph{XDG_CACHE_HOME}).
@end deffn

@deffn function with-cache @var{[#current-time]} @var{[#http-get]} @var{[#dir]}
Return a function acting as @emph{http-get} from @emph{(web client)}
(takes an URI as the first parameter, and an optional @var{#:headers}
set, and returns 2 values, the response and its body).

The cache will be read and written in @var{dir} (defaults to some
place within @emph{XDG_CACHE_HOME}), and the @var{current-time} number
of seconds, SRFI-19 time or date, or time-returning thunk will be used
to check for the validity of responses.

The back-end function, @var{http-get}, defaults to that of
@emph{(web client)}.
@end deffn

@node Running an Identity Provider
@chapter Running an Identity Provider

This project is packaged with a barebones identity provider. It has an
authorization endpoint and a token endpoint (and it serves its public
keys), but it is only intended for one specific person.

You can start it by invoking the @code{webid-oidc-issuer} program,
with the following options:

@table @asis
@item @code{-h}, or @code{--help}
prints a summary of options and exit.
@item @code{-v}, or @code{--version}
prints the version of the program and exits.
@item @code{-i @var{URI}}, or @code{--issuer=@var{URI}}
sets the global server name of the identity provider. It should have
an empty path.
@item @code{-k @var{FILE.jwk}}, or @code{--key-file=@var{FILE.jwk}}
sets the file name where to read or generate a key for the identity
provider. This file should be JSON, containing the representation of a
JWK key pair.
@item @code{-s @var{WEBID}}, or @code{--subject=@var{WEBID}}
sets the webid of the only user of the identity provider. This is an
URI, pointing to a RDF node corresponding to the user’s profile.
@item @code{-w @var{PASSWORD}}, or @code{--password=@var{PASSWORD}}
sets the password that the user must enter to authorize an
application.
@item @code{-j @var{URI}}, or @code{--jwks-uri=@var{URI}}
tells the server that requests to @var{URI} should be responded with
the public key used to sign the tokens.
@item @code{-a @var{URI}}, or @code{--authorization-endpoint-uri=@var{URI}}
tells the server that requests to @var{URI} should be treated as
authorization requests.
@item @code{-t @var{URI}}, or @code{--token-endpoint-uri=@var{URI}}
tells the server that requests to @var{URI} should be treated as token
negociation requests.
@item @code{-p @var{PORT}}, or @code{--port=@var{PORT}}
change the port number used by the server. By default, it is set to
8080.
@item @code{-l @var{FILE.log}}, or @code{--log-file=@var{FILE.log}}
let the server dump all its output to @var{FILE.log}. Since I don’t
know how to deal with syslog, this is the only way to keep logs with a
shepherd service.
@item @code{-e @var{FILE.err}}, or @code{--error-file=@var{FILE.err}}
let the server dump all its errors to @var{FILE.err}.
@end table

The program is sensitive to the environment variables. The most
important one is @emph{LANG}, which influences how the program is
internationalized to the server administrator (the pages served to the
user use the user agent’s locale). This changes the long form of the
options, and the language in the log files.

The @emph{XDG_DATA_HOME} should point to some place where the program
will store refresh tokens, under the @code{webid-oidc} directory. For
a system service, you might want to define that environment to
@code{/var/lib}, for instance.

The @emph{XDG_CACHE_HOME} should point to a directory where to store
the seed of the random number generator (under a @code{webid-oidc}
directory, again). Changing the seed only happens when a program
starts to require the random number generator. You can safely delete
this directory, but you need to restart the program to actually change
the seed.

@node Running a Resource Server
@chapter Running a Resource Server

@menu
* Running webid-oidc-reverse-proxy::
* The authenticator::
@end menu

A Solid server is the server that manages your data. It needs to check
that the proofs of possession are correct, and the possessed key is
signed by the identity provider.

@node Running webid-oidc-reverse-proxy
@section Running webid-oidc-reverse-proxy

The distribution comes with a reverse proxy, aptly named
@code{webid-oidc-reverse-proxy}, to listen to an interface, take
requests, authenticate them, and pass them to a backend with an
additional header containing the webid of the agent, if authenticated.

The reverse proxy is invoked with the following arguments:

@table @asis
@item @code{-p}@var{PORT}, @code{--port=}@var{PORT}
the port on which the reverse proxy listens;
@item @code{-i}@var{INBOUND}, @code{--inbound-uri=}@var{INBOUND}
the public name of the server;
@item @code{-o}@var{OUTBOUND}, @code{--outbound-uri=}@var{OUTBOUND}
the address of the backend;
@item @code{-H}@var{HEADER}, @code{--header=}@var{HEADER}
replace the name of the header that will contain the webid of the
user. Defaults to @code{XXX-Agent}. Please note that this value should
be ASCII, otherwise it’s not guaranteed that the reverse proxy will
drop other capitalizations of the header in malicious requests;
@item @code{-l @var{FILE.log}}, or @code{--log-file=@var{FILE.log}}
let the server dump all its output to @var{FILE.log}. See the identity
provider comment;
@item @code{-e @var{FILE.err}}, or @code{--error-file=@var{FILE.err}}
let the server dump all its errors to @var{FILE.err}.
@end table

You can localize the interface by setting the @var{LANG} environment
variable.

@node The authenticator
@section The authenticator

In @emph{(webid-oidc jws)}, the following function gives a simple API
for a web server:

@deffn function make-authenticator @var{jti-list} @var{[#server-uri]} @var{[#current-time]} @var{[#http-get]}
Create an authenticator, i.e. a function that takes a request and
request body and returns the webid of the authenticated user, or
@code{#f} if it is not authenticated.

To prevent replay attacks, each request is signed by the client with a
different unique padding value. If such a value has already been seen,
then the request must fail.

The authenticator expects the client to demonstrate the possession of
a key that the identity provider knows. So the client creates a DPoP
proof, targetted to a specific URI. In order to check that the URI is
correct, the authenticator needs the public URI of the service.

The JTIs are checked within a small time frame. By default, the system
time will be used. Otherwise, you can customize the
@code{current-time} optional keyword argument, to pass a thunk
returning a time from @emph{(srfi srfi-19)}.

You may want to customize the @var{http-get} optional keyword argument
to pass a function to replace @code{http-get} from @emph{(http
client)}. This function takes an URI and optional @code{#:headers}
arguments, makes the request, and return two values: the response, and
the response body.

This function, in @emph{(webid-oidc resource-server)}, returns a web
request handler, taking the request and request body, and returning
the subject of the access token. If an error happens, it is thrown;
the function always returns a valid URI.
@end deffn

@node Exceptional conditions
@chapter Exceptional conditions

The library will raise an exception whenever something fishy
occurs. For instance, if a signature is invalid, or the expiration
date has passed. All exception types are defined in
@code{(webid-oidc errors)}.

@deffn function error->str @var{error} @var{[#depth]}
Return a string explaining the @var{error}. You can limit the
@var{depth} of the explanation as an integer.
@end deffn

@menu
* Invalid data format::
* Invalid JWT::
* Cannot fetch data on the web::
* Other errors in the protocol or from a reasonable implementation::
@end menu

@node Invalid data format
@section Invalid data format
There are a few JSON objects with required fields. This exceptions
usually occur as the cause of a higher-level exception.

@deftp {exception type} &not-base64 @var{value} @var{cause}
This exception is raised when the base64 decoding function
failed. @var{value} is the incorrect input, and @var{cause} is a
low-level error.
@end deftp

@deftp {exception type} &not-json @var{value} @var{cause}
Cannot decode @var{value} to a JSON object.
@end deftp

@deftp {exception type} &not-turtle @var{value} @var{cause}
Cannot decode @var{value} to a RDF graph.
@end deftp

@deftp {exception type} &incorrect-webid-field @var{value}
The @var{value} of the webid field in the JWT is missing (if
@code{#f}), or not an acceptable value.
@end deftp

@deftp {exception type} &incorrect-iss-field @var{value}
The @var{value} of the iss field is incorrect.
@end deftp

@deftp {exception type} &incorrect-aud-field @var{value}
The @var{value} of the aud field is incorrect.
@end deftp

@deftp {exception type} &incorrect-iat-field @var{value}
The @var{value} of the iat field is incorrect.
@end deftp

@deftp {exception type} &incorrect-exp-field @var{value}
The @var{value} of the exp field is incorrect.
@end deftp

@deftp {exception type} &incorrect-cnf/jkt-field @var{value}
The @var{value} of the cnf/jkt field is incorrect.
@end deftp

@deftp {exception type} &incorrect-client-id-field @var{value}
The @var{value} of the client-id field is incorrect.
@end deftp

@deftp {exception type} &incorrect-typ-field @var{value}
The @var{value} of the typ field in the DPoP proof header is
incorrect.
@end deftp

@deftp {exception type} &incorrect-jwk-field @var{value} @var{cause}
The @var{value} of the jwk field in the DPoP proof header is
incorrect.
@end deftp

@deftp {exception type} &incorrect-jti-field @var{value}
The @var{value} of the jti field in the DPoP proof is incorrect.
@end deftp

@deftp {exception type} &incorrect-htm-field @var{value}
The @var{value} of the htm field in the DPoP proof is incorrect.
@end deftp

@deftp {exception type} &incorrect-htu-field @var{value}
The @var{value} of the htu field in the DPoP proof is incorrect.
@end deftp

@deftp {exception type} &incorrect-redirect-uris-field @var{value}
The @var{value} of the redirect-uris field of a client manifest is
incorrect.
@end deftp

@deftp {exception type} &incorrect-typ-field @var{value}
The @var{value} of the typ field in the DPoP proof header is
incorrect.
@end deftp

@deftp {exception type} &incorrect-sub-field @var{value}
The @var{value} of the sub field is incorrect.
@end deftp

@deftp {exception type} &incorrect-iss-field @var{value}
The @var{value} of the iss field is incorrect.
@end deftp

@deftp {exception type} &incorrect-nonce-field @var{value}
The @var{value} of the nonce field in the DPoP proof is incorrect.
@end deftp

@deftp {exception type} &incorrect-htm-field @var{value}
The @var{value} of the htm field in the DPoP proof is incorrect.
@end deftp

@deftp {exception type} &not-a-client-manifest @var{value} @var{cause}
The @var{client-manifest} is incorrect.
@end deftp

@node Invalid JWT
@section Invalid JWT
Each JWT type – access token, DPoP proof, ID token, authorization code
(this is internal to the identity provider) has different validation
rules, and can fail in different ways.

@deftp {exception type} &unsupported-crv @var{crv}
The identifier @var{crv} does not identify an elliptic curve.
@end deftp

@deftp {exception type} &not-a-jwk @var{value} @var{cause}
@var{value} does not identify a JWK.
@end deftp

@deftp {exception type} &not-a-public-jwk @var{value} @var{cause}
@var{value} does not identify a public JWK.
@end deftp

@deftp {exception type} &not-a-private-jwk @var{value} @var{cause}
@var{value} does not identify a private JWK.
@end deftp

@deftp {exception type} &not-a-jwks @var{value} @var{cause}
@var{value} does not identify a set of public keys.
@end deftp

@deftp {exception type} &unsupported-alg @var{value}
@var{value} does not identify a valid hash algorithm.
@end deftp

@deftp {exception type} &invalid-signature @var{key} @var{payload} @var{signature}
@var{key} has not signed @var{payload} with @var{signature}.
@end deftp

@deftp {exception type} &missing-alist-key @var{value} @var{key}
@var{value} isn’t an alist, or is missing a value with @var{key}.
@end deftp

@deftp {exception type} &not-a-jws-header @var{value} @var{cause}
@var{value} does not identify a decoded JWS header.
@end deftp

@deftp {exception type} &not-a-jws-payload @var{value} @var{cause}
@var{value} does not identify a decoded JWS payload.
@end deftp

@deftp {exception type} &not-a-jws @var{value} @var{cause}
@var{value} does not identify a decoded JWS.
@end deftp

@deftp {exception type} &not-in-3-parts @var{string} @var{separator}
@var{string} cannot be split into 3 parts with @var{separator}.
@end deftp

@deftp {exception type} &no-matching-key @var{candidates} @var{alg} @var{payload} @var{signature}
No key among @var{candidates} could verify @var{signature} signed with
@var{alg} for @var{payload}, because the signature mismatched for all
keys.
@end deftp

@deftp {exception type} &cannot-decode-jws @var{value} @var{cause}
The @var{value} string is not an encoding of a valid JWS.
@end deftp

@deftp {exception type} &cannot-encode-jws @var{jws} @var{key} @var{cause}
The @var{jws} cannot be signed.
@end deftp

@deftp {exception type} &not-an-access-token @var{value} @var{cause}
The @var{value} is not an access token.
@end deftp

@deftp {exception type} &not-an-access-token-header @var{value} @var{cause}
The @var{value} is not an access token header.
@end deftp

@deftp {exception type} &not-an-access-token-payload @var{value} @var{cause}
The @var{value} is not an access token payload.
@end deftp

@deftp {exception type} &cannot-decode-access-token @var{value} @var{cause}
The @var{value} string is not an encoding of a valid access token.
@end deftp

@deftp {exception type} &cannot-encode-access-token @var{access-token} @var{key} @var{cause}
The @var{access-token} cannot be signed.
@end deftp

@deftp {exception type} &not-a-dpop-proof @var{value} @var{cause}
The @var{value} is not a DPoP proof.
@end deftp

@deftp {exception type} &not-a-dpop-proof-header @var{value} @var{cause}
The @var{value} is not a DPoP proof header.
@end deftp

@deftp {exception type} &not-a-dpop-proof-payload @var{value} @var{cause}
The @var{value} is not a DPoP proof payload.
@end deftp

@deftp {exception type} &cannot-decode-dpop-proof @var{value} @var{cause}
The @var{value} string is not an encoding of a valid DPoP proof.
@end deftp

@deftp {exception type} &cannot-encode-dpop-proof @var{dpop-proof} @var{key} @var{cause}
The @var{dpop-proof} cannot be signed.
@end deftp

@deftp {exception type} &not-an-authorization-code @var{value} @var{cause}
The @var{value} is not an authorization code.
@end deftp

@deftp {exception type} &not-an-authorization-code-header @var{value} @var{cause}
The @var{value} is not an authorization code header.
@end deftp

@deftp {exception type} &not-an-authorization-code-payload @var{value} @var{cause}
The @var{value} is not an authorization code payload.
@end deftp

@deftp {exception type} &cannot-decode-authorization-code @var{value} @var{cause}
The @var{value} string is not an encoding of a valid authorization
code.
@end deftp

@deftp {exception type} &cannot-encode-authorization-code @var{authorization-code} @var{key} @var{cause}
The @var{authorization-code} cannot be signed.
@end deftp

@deftp {exception type} &not-an-id-token @var{value} @var{cause}
The @var{value} is not an ID token.
@end deftp

@deftp {exception type} &not-an-id-token-header @var{value} @var{cause}
The @var{value} is not an ID token header.
@end deftp

@deftp {exception type} &not-an-id-token-payload @var{value} @var{cause}
The @var{value} is not an ID token payload.
@end deftp

@deftp {exception type} &cannot-decode-id-token @var{value} @var{cause}
The @var{value} string is not an encoding of a valid ID token.
@end deftp

@deftp {exception type} &cannot-encode-id-token @var{id-token} @var{key} @var{cause}
The @var{id-token} cannot be signed.
@end deftp

@node Cannot fetch data on the web
@section Cannot fetch data on the web
In the client (local and public parts), resource server and identity
provider, the protocol requires to fetch data on the web.

@deftp {exception type} &request-failed-unexpectedly @var{response-code} @var{response-reason-phrase}
We expected the request to succeed, but the server sent a non-OK
@var{response-code}.
@end deftp

@deftp {exception type} &unexpected-header-value @var{header} @var{value}
We did not expect the server to respond with @var{header} set to
@var{value}.
@end deftp

@deftp {exception type} &unexpected-response @var{response} @var{cause}
The @var{response} (from @emph{(web response)}) is not appropriate.
@end deftp

@deftp {exception type} &not-an-oidc-configuration @var{value} @var{cause}
The @var{value} is not appropriate an OIDC configuration.
@end deftp

@deftp {exception type} &cannot-fetch-issuer-configuration @var{issuer} @var{cause}
It is impossible to fetch the configuration of @var{issuer}.
@end deftp

@deftp {exception type} &cannot-fetch-jwks @var{issuer} @var{uri} @var{cause}
It is impossible to fetch the keys of @var{issuer} at @var{uri}.
@end deftp

@deftp {exception type} &cannot-fetch-linked-data @var{uri} @var{cause}
Could not fetch the graph referenced by @var{uri}.
@end deftp

@deftp {exception type} &cannot-fetch-client-manifest @var{id} @var{cause}
Could not fetch a client manifest at @var{id}.
@end deftp

@node Other errors in the protocol or from a reasonable implementation
@section Other errors in the protocol or from a reasonable implementation
The protocol does not rely solely on JWT validation, so these errors
may happen too.

@deftp {exception type} &dpop-method-mismatch @var{signed} @var{requested}
The method value @var{signed} in the DPoP proof does not match the
method that is @var{requested} on the server.
@end deftp

@deftp {exception type} &dpop-uri-mismatch @var{signed} @var{requested}
The URI value @var{signed} in the DPoP proof does not match the URI
that is @var{requested} on the server.
@end deftp

@deftp {exception type} &dpop-signed-in-future @var{signed} @var{current}
The proof is @var{signed} for a date which is too much ahead of the
@var{current} time.
@end deftp

@deftp {exception type} &dpop-too-old @var{signed} @var{current}
The proof was @var{signed} at a past date of @var{current}.
@end deftp

@deftp {exception type} &dpop-unconfirmed-key @var{key} @var{expected} @var{cause}
The confirmation of @var{key} is not what is @var{expected}, or (if a
function was passed as @var{cnf/check}) the @var{cause} exception
occurred while confirming.
@end deftp

@deftp {exception type} &jti-found @var{jti} @var{cause}
The @var{jti} of the proof has already been issued in a recent past.
@end deftp

@deftp {exception type} &unauthorized-redirection-uri @var{manifest} @var{uri}
The authorization @var{uri} is not advertised in @var{manifest}.
@end deftp

@deftp {exception type} &cannot-serve-public-manifest 
You cannot serve the public client manifest.
@end deftp

@deftp {exception type} &no-client-manifest-registration @var{id}
The @var{id} client manifest does not have a registration triple in
its document.
@end deftp

@deftp {exception type} &inconsistent-client-manifest-id @var{id} @var{advertised-id}
The client @var{manifest} is being fetched at @var{id}, but it is
valid for another client @var{advertised-id}.
@end deftp

@deftp {exception type} &authorization-code-expired @var{exp} @var{current-time}
The authorization code has expired at @var{exp}, it is now
@var{current-time}.
@end deftp

@deftp {exception type} &invalid-refresh-token @var{refresh-token}
The @var{refresh-token} is unknown to the identity provider.
@end deftp

@deftp {exception type} &invalid-key-for-refresh-token @var{key} @var{jkt}
The refresh token was issued for @var{jkt}, but it is used with
@var{key}.
@end deftp

@deftp {exception type} &unknown-client-locale @var{web-locale} @var{c-locale}
The @var{web-locale} of the client, translated to C as @var{c-locale},
cannot be set. This exception is always continuable; if the handler
returns, then the page will be served in the english locale.
@end deftp

@deftp {exception type} &unsupported-grant-type @var{value}
The token request failed to indicate a @var{value} for the grant type,
or indicated an unsupported grant type.
@end deftp

@deftp {exception type} &no-authorization-code 
The token request forgot to put an authorization code.
@end deftp

@deftp {exception type} &no-refresh-token 
The token request forgot to put a refresh token with the request.
@end deftp

@deftp {exception type} &unconfirmed-provider @var{subject} @var{provider}
@var{provider} is not confirmed by @var{subject} as an identity
provider.
@end deftp

@node GNU Free Documentation License
@appendix GNU Free Documentation License

@include fdl.texi

@node Index
@unnumbered Index

@printindex cp

@bye