gnunet-svn

[taler-docs] branch master updated: document need for RFC 8959 prefix (#


From: gnunet
Subject: [taler-docs] branch master updated: document need for RFC 8959 prefix (#9112)
Date: Sat, 24 Aug 2024 16:11:13 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository docs.

The following commit(s) were added to refs/heads/master by this push:
     new dfd8ea54 document need for RFC 8959 prefix (#9112)
dfd8ea54 is described below

commit dfd8ea545acbe1d2b0b0b7afa0cabab12d065efa
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Aug 24 16:11:10 2024 +0200

    document need for RFC 8959 prefix (#9112)
---
 manpages/challenger-admin.1.rst |  4 ++--
 taler-challenger-manual.rst     | 23 +++++++++++------------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/manpages/challenger-admin.1.rst b/manpages/challenger-admin.1.rst
index 8d7d823d..2441b7a4 100644
--- a/manpages/challenger-admin.1.rst
+++ b/manpages/challenger-admin.1.rst
@@ -32,8 +32,8 @@ Description
 
 Its options are as follows:
 
-**-a** *SECRET* \| **--add=**\ ‌\ *SECRET*
-   Add the client with the given *CLIENT_REDIRECT_URL setting the client 
secret to *SECRET*.  Prints the *CLIENT_ID* of the added client.
+**-a** *CLIENT_SECRET* \| **--add=**\ ‌\ *CLIENT_SECRET*
+   Add the client with the given *CLIENT_REDIRECT_URL setting the client 
secret to *CLIENT_SECRET*.  Prints the *CLIENT_ID* of the added client. The 
*CLIENT_SECRET* must begin with "secret-token:" as per RFC 8959.
 
 **-c** *FILENAME* \| **--config=**\ ‌\ *FILENAME*
    Use the configuration and other resources for the Challenger commands
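Review bot: In the new **-a** description, "*CLIENT_REDIRECT_URL" opens emphasis that is never closed and runs straight into "setting", so the option text will not render as intended. Close the emphasis and add a comma before "setting", and consider spelling it CLIENT_REDIRECT_URI to match the name this same commit uses in taler-challenger-manual.rst. It would also help to say what challenger-admin does when the given secret lacks the "secret-token:" prefix.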
diff --git a/taler-challenger-manual.rst b/taler-challenger-manual.rst
index 4198a9c9..75215f25 100644
--- a/taler-challenger-manual.rst
+++ b/taler-challenger-manual.rst
@@ -421,7 +421,7 @@ Authorizing clients
 
 Before clients can use Challenger, they must be explicitly configured. Each
 client is identified via its OAuth 2.0 REDIRECT URI.  Thus, a client must have
-exactly one REDIRECT URI
+exactly one REDIRECT URI. Challenger also does not allow multiple clients 
sharing the same REDIRECT URI.
 
 .. note::
 
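Review bot: The sentence added after "exactly one REDIRECT URI" states the uniqueness restriction but not what an operator sees when it is violated. Suggest "Challenger also does not allow multiple clients to share the same REDIRECT URI", followed by a short statement of how challenger-admin reacts to an --add for a REDIRECT URI that is already registered.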
@@ -438,16 +438,16 @@ restarting the service.  To add (or remove) a client, you 
must use the
 
 .. code-block:: shell-session
 
-  # sudo -u challenger-httpd challenger-admin --add=$SECRET $REDIRECT_URI
+  # sudo -u challenger-httpd challenger-admin --add=$CLIENT_SECRET 
$CLIENT_REDIRECT_URI
 
-Here, ``$SECRET`` is the client secret of OAuth 2.0 which will be used in
-various parts of the protocol to authenticate the client.  The
-``$REDIRECT_URI`` is the URI where the user-agent will be redirected to upon
+Here, ``$CLIENT_SECRET`` is the client secret of OAuth 2.0 which will be used 
in
+various parts of the protocol to authenticate the client. It must begin with 
the "secret-token:" prefix of RFC 8959.  The
+``$CLIENT_REDIRECT_URI`` is the REDIRECT URI where the user-agent will be 
redirected to upon
 completion of the process.  The ``challenger-admin`` command will
-then output the *client ID*, which will be a unique positive number.
+then output the *CLIENT_ID*, which will be a unique positive number.
 The first time you run the command, you will thus likely see:
-``Client added. Client ID is: 1``.  This client ID, the ``$SECRET``
-and the ``$REDIRECT_URI`` will form the foundation for the OAuth 2.0
+``Client added. Client ID is: 1``.  This CLIENT_ID, the ``$CLIENT_SECRET``
+and the ``$CLIENT_REDIRECT_URI`` will form the foundation for the OAuth 2.0
 configuration.
 
 
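Review bot: The example command still passes an opaque, unquoted $CLIENT_SECRET, so the prefix requirement added in the paragraph below it is easy to miss when copying the command. Suggest making the prefix visible in the example itself, for instance --add="secret-token:$RANDOM_PART" "$CLIENT_REDIRECT_URI" (RANDOM_PART being a placeholder name), with both arguments quoted. Because the secret is given as a command-line argument, it can end up in shell history and process listings; a one-line note for operators would be useful. Minor: "the REDIRECT URI where the user-agent will be redirected to" is redundant, and "This CLIENT_ID" is formatted differently from the literal ``$CLIENT_SECRET`` next to it.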
@@ -469,8 +469,8 @@ by the client using the ``/setup/$CLIENT_ID`` endpoint!
   validation could be expensive.
 
 Thus, to generate the authorization URL, a client must first POST to
-``/setup/$CLIENT_ID`` using their client secret in an ``Authorization: Bearer 
$SECRET``
-HTTP header to obtain a fresh ``$NONCE``.
+``/setup/$CLIENT_ID`` using their client secret in an ``Authorization: Bearer
+$CLIENT_SECRET`` HTTP header to obtain a fresh ``$NONCE``.
 
 In the GNU Taler exchange configuration, this is indicated by appending
 ``#setup`` to the ``KYC_OAUTH2_AUTHORIZE_URL`` endpoint.  Be careful to quote
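Review bot: The reworded sentence about the "Authorization: Bearer $CLIENT_SECRET" header does not say whether the value sent includes the "secret-token:" prefix that this commit makes mandatory at registration. Suggest stating this explicitly so client implementers know whether to send the secret verbatim or strip the prefix. The inline literal is also now split across two source lines; keeping it on one line avoids depending on how the renderer joins it.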
@@ -487,6 +487,7 @@ the configuration file syntax:
   KYC_OAUTH2_TOKEN_URL = "https://challenger.example.com/token";
   KYC_OAUTH2_INFO_URL = "https://challenger.example.com/info";
   KYC_OAUTH2_CLIENT_ID = 1
+  # Make sure to include the RFC 8959 prefix in "$SECRET"
   KYC_OAUTH2_CLIENT_SECRET = "$SECRET"
 
 
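Review bot: The added comment and the value under it still use "$SECRET", while the rest of this commit renames the variable to $CLIENT_SECRET. Suggest using the same name here, or writing the example value with the "secret-token:" prefix spelled out so the requirement is visible in the configuration snippet itself rather than only in the comment.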
@@ -525,5 +526,3 @@ The Challenger database can be re-initialized using:
 
 However, running this command will result in all data in the database
 being lost.
-
-

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


