<schemalist>
<!-- Settings describing the client application itself: its public
client identifier, the key pair it uses when creating accounts, and
its redirect URI. The schema declares no path of its own; it is used
as the "client" child of eu.planete_kraus.Disfluid.
@PACKAGE@ in gettext-domain looks like a build-time placeholder,
presumably substituted before the schema is compiled (confirm). -->
<schema id="eu.planete_kraus.Disfluid.Client" gettext-domain="@PACKAGE@">
<!-- client-id: URI of the client's public, machine-readable
description. Per the description below, the identity provider relies
on it to check that the client is not spoofed. The default points at
the webid-oidc-demo host, so an installation that keeps the default
identifies itself as the example application.
NOTE(review): confirm that this default is intended outside demos. -->
<key name="client-id" type="s">
<summary>Client ID</summary>
<description>
The client application needs a public presence on the
world-wide web so that the identity provider can check it is
not spoofed; this is the public URI where to obtain
machine-readable information about the application
</description>
<default>'https://webid-oidc-demo.planete-kraus.eu/example-application#id'</default>
</key>
<!-- key-pair: JWK text held as a plain string (type "s"); the empty
default means "generate a new key pair", per the description.
A key pair presumably includes the private half (confirm against the
code that writes this key). GSettings does not encrypt values: with
the default dconf backend they are stored in the user's settings
database and can be read by any process running as that user.
NOTE(review): consider keeping the private key in a secret store
(for example the desktop Secret Service through libsecret) and
storing only a reference here. -->
<key name="key-pair" type="s">
<summary>Client key pair</summary>
<description>
When creating new accounts, use this key pair to certify them
(in the JWK format); an empty value will generate a new key
pair
</description>
<default>''</default>
</key>
<!-- redirect-uri: where the browser lands after authorization; the
page there shows a code that the user pastes into the application.
The default is an https URI on the same demo host as client-id.
NOTE(review): presumably this has to match a redirect URI published
in the document served at client-id; confirm, and change the two
settings together. -->
<key name="redirect-uri" type="s">
<summary>Client redirect URI</summary>
<description>
When receiving an authorization, the user’s browser is
redirected to this URI, where the user should be presented
with a code to paste into the application
</description>
<default>'https://webid-oidc-demo.planete-kraus.eu/authorized'</default>
</key>
</schema>
<!-- One stored account: who the user is (subject), which identity
provider vouches for them (issuer), and the credentials obtained for
that account. The schema declares no path; it is instantiated once
per account slot as a child of eu.planete_kraus.Disfluid.
Every key is a string with an empty default. For the three tokens
and the token header, the descriptions use the empty string to mean
"absent, the account needs a refresh".
NOTE(review): unlike the Client schema, this one has no
gettext-domain attribute; confirm whether its summaries and
descriptions are meant to be translated.
NOTE(review): key-pair, id-token, access-token and refresh-token are
credentials. GSettings does not encrypt values: with the default
dconf backend they are stored in the user's settings database and
can be read by any process running as that user. The descriptions
say the tokens are bound to the key pair, but the key pair is kept
next to them in this same schema, so the binding does not protect
against a reader of the settings store. Consider a secret store
(for example the desktop Secret Service through libsecret) for
these four values. -->
<schema id="eu.planete_kraus.Disfluid.Account">
<!-- subject: the user's webid; not a secret by itself. -->
<key name="subject" type="s">
<summary>Account webid</summary>
<description>
The accounts are tied to a particular user, through a webid
</description>
<default>''</default>
</key>
<!-- issuer: URI of the identity provider that certified the
account. -->
<key name="issuer" type="s">
<summary>Identity provider</summary>
<description>
The account is certified by the server running at this URI
</description>
<default>''</default>
</key>
<!-- key-pair: JWK key pair owned by the application and tied to
this account. Presumably contains the private key (confirm); see
the storage note at the top of this schema. -->
<key name="key-pair" type="s">
<summary>JWK key pair</summary>
<description>
Our account is certified to be used with a key pair that the
application owns; the key is in the JWK format
</description>
<default>''</default>
</key>
<!-- id-token-header: header of the ID token, kept separately from
the token. The description says it records how the signature was
verified; the exact encoding is not visible here (confirm). -->
<key name="id-token-header" type="s">
<summary>Header of the identity token</summary>
<description>
How we verified the signature of the ID token; if the account
needs to be refreshed then it may be empty
</description>
<default>''</default>
</key>
<!-- id-token: identity token received from the identity provider;
may be empty when the account needs a refresh. -->
<key name="id-token" type="s">
<summary>Identity token</summary>
<description>
The identity provider sent an ID token to remind us who you
are; if the account needs to be refreshed it may be empty
</description>
<default>''</default>
</key>
<!-- access-token: presented to the resource server together with a
proof of possession of the bound key; may be empty when the account
needs a refresh. -->
<key name="access-token" type="s">
<summary>Access token</summary>
<description>
This token is presented to the resource server when we
authentify; it is bound to a key whose possession we need to
prove at the same time; if the account needs to be refreshed
it may be empty
</description>
<default>''</default>
</key>
<!-- refresh-token: presented to the identity provider to renew an
expired account; empty when the user did not grant refresh
permission. Of the values stored here it is the one that stays
useful the longest, so it deserves the most care at rest. -->
<key name="refresh-token" type="s">
<summary>Refresh token</summary>
<description>
When the account expires, we present this token to the
identity provider to refresh it; it is also bound to the key
pair; if the user did not give us refresh permission it may be
empty
</description>
<default>''</default>
</key>
</schema>
<!-- Top-level schema and the only one with a fixed path. It holds
no keys of its own: it groups one Client child and eleven Account
children (main-account plus other-account-1 to other-account-10). -->
<schema id="eu.planete_kraus.Disfluid" path="/eu/planete_kraus/Disfluid/">
<child name="client" schema="eu.planete_kraus.Disfluid.Client" />
<child name="main-account" schema="eu.planete_kraus.Disfluid.Account" />
<!-- The extra accounts are a fixed pool of ten slots rather than
dynamically created ones: because of
https://gitlab.gnome.org/GNOME/glib/-/issues/993 the storage of a
dynamically created account could not be freed afterwards.
NOTE(review): since slots are reused instead of deleted, removing
an account should reset every key of its slot (key-pair and the
three tokens included) so that old credentials do not linger in the
settings store; confirm that the removal code does this. -->
<child name="other-account-1" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-2" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-3" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-4" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-5" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-6" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-7" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-8" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-9" schema="eu.planete_kraus.Disfluid.Account" />
<child name="other-account-10" schema="eu.planete_kraus.Disfluid.Account" />
</schema>
</schemalist>