@@ -1,37 +1,38 @@

 ;;;; cl-oid-connect.lisp

 ;;;; TODO: Need to refactor out server names!!!

+

 #|

-|Copyright (c) 2015 Edward Langley

-|All rights reserved.

-|

-|Redistribution and use in source and binary forms, with or without

-|modification, are permitted provided that the following conditions

-|are met:

-|

-|Redistributions of source code must retain the above copyright notice,

-|this list of conditions and the following disclaimer.

-|

-|Redistributions in binary form must reproduce the above copyright

-|notice, this list of conditions and the following disclaimer in the

-|documentation and/or other materials provided with the distribution.

-|

-|Neither the name of the project's author nor the names of its

-|contributors may be used to endorse or promote products derived from

-|this software without specific prior written permission.

-|

-|THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

-|"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

-|LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

-|FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

-|HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

-|SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES  INCLUDING, BUT NOT LIMITED

-|TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

-|PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

-|LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

-|NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

-|SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-|

-|#

+ |Copyright (c) 2015 Edward Langley

+ |All rights reserved.

+ |

+ |Redistribution and use in source and binary forms, with or without

+ |modification, are permitted provided that the following conditions

+ |are met:

+ |

+ |Redistributions of source code must retain the above copyright notice,

+ |this list of conditions and the following disclaimer.

+ |

+ |Redistributions in binary form must reproduce the above copyright

+ |notice, this list of conditions and the following disclaimer in the

+ |documentation and/or other materials provided with the distribution.

+ |

+ |Neither the name of the project's author nor the names of its

+ |contributors may be used to endorse or promote products derived from

+ |this software without specific prior written permission.

+ |

+ |THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

+ |"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

+ |LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

+ |FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

+ |HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ |SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES  INCLUDING, BUT NOT LIMITED

+ |TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

+ |PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

+ |LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

+ |NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+ |SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ |

+ |#

 (in-package :cl-oid-connect)

 ; Should this be here?

@@ -60,9 +61,29 @@

 (defmacro def-route ((url args &key (app *oid*) (method :GET)) &body body)

   `(setf (ningle:route ,app ,url :method ,method)

-         #'(lambda ,args

-             (declare (ignorable ,@args))

-             ,@body)))

+         (lambda ,args

+           (declare (ignorable ,@args))

+           ,@body)))

+

+(defun gen-state (len)

+  (with-output-to-string (stream)

+    (let ((*print-base* 36))

+      (loop repeat len

+            do (princ (random 36) stream)))))

+

+(defun valid-state (received-state)

+  (let* ((session (context :session))

+         (saved-state (gethash :state session)))

+    (equal saved-state received-state)))

+

+(defmacro my-with-context-variables ((&rest vars) &body body)

+  "This improves fukamachi's version by permitting the variable to be stored somewhere

+   besides the symbol corresponding to the keyword."

+  `(symbol-macrolet

+       ,(loop for (var key) in (ensure-mapping vars)

+              for form = `(context ,(intern (string key) :keyword))

+              collect `(,var ,form))

+     ,@body))

 (defparameter *oid* (make-instance 'ningle:<app>))

 (setf drakma:*text-content-types* (cons '("application" . "json") drakma:*text-content-types*))

@@ -77,44 +98,14 @@

                                               (userinfo-endpoint nil :accessor t)

                                               (auth-scope "openid profile email" :accessor t)

                                               (redirect-uri nil :accessor t))))

+

 (sheeple:defmessage get-user-info (a b))

 (sheeple:defmessage get-access-token (a b))

 (sheeple:defreply get-user-info ((a =endpoint-schema=) (b sheeple:=string=)))

 (sheeple:defreply get-access-token ((a =endpoint-schema=) (b sheeple:=string=)))

-(defparameter *fbook-info* (sheeple:clone =service-info=))

-(defparameter *goog-info* (sheeple:clone =service-info=))

 (defparameter *endpoint-schema* nil)

-(defparameter *goog-endpoint-schema* (defobject (=endpoint-schema= *goog-info*)))

-

-(defproto *fbook-endpoint-schema* (=endpoint-schema= *fbook-info*)

-          ((auth-endpoint "https://www.facebook.com/dialog/oauth")

-           (token-endpoint "https://graph.facebook.com/v2.3/oauth/access_token")

-           (userinfo-endpoint "https://graph.facebook.com/v2.3/me")

-           (auth-scope "email")

-           (redirect-uri  "http://srv2.elangley.org:9090/oidc_callback/facebook")))

-

-(sheeple:defreply get-access-token ((endpoint-schema *fbook-endpoint-schema*) (code sheeple:=string=))

-  (cl-json:decode-json-from-string

-    (drakma:http-request (token-endpoint endpoint-schema)

-                         :method :post

-                         :redirect nil

-                         :parameters `(("code" . ,code)

-                                       ("client_id" . ,(client-id endpoint-schema))

-                                       ("app_id" . ,(client-id endpoint-schema))

-                                       ("client_secret" . ,(secret endpoint-schema))

-                                       ("redirect_uri" . ,(redirect-uri endpoint-schema))

-                                       ("grant_type" . "authorization_code")

-                                       ("")

-                                       ))))

-

-(sheeple:defreply get-user-info ((endpoint-schema *fbook-endpoint-schema*) (access-token sheeple:=string=))

-  (let ((endpoint (userinfo-endpoint endpoint-schema)))

-    (cl-json:decode-json-from-string

-      (drakma:http-request endpoint

-                           :parameters `(("access_token" . ,access-token))))))

-

 (defmacro string-assoc (key alist) `(assoc ,key ,alist :test #'equal))

 (defmacro assoc-cdr (key alist &optional (test '#'eql)) `(cdr (assoc ,key ,alist :test ,test)))

@@ -145,18 +136,6 @@

                                      ("redirect_uri" . ,(redirect-uri endpoint-schema))

                                      ("state" . ,state))))

-(defun gen-state (len)

-  (with-output-to-string (stream)

-    (let ((*print-base* 36))

-      (loop repeat len

-            do (princ (random 36) stream)))))

-

-

-(defun valid-state (received-state)

-  (let* ((session (context :session))

-         (saved-state (gethash :state session)))

-    (equal saved-state received-state)))

-

 (defmacro auth-entry-point (name endpoint-schema)

   `(defun ,name (params)

      (declare (ignore params))

@@ -169,8 +148,8 @@

            (if (< rcode 400) `(302 (:location ,(format nil "~a" uri)))

              content))))))

-(flet ((get-code (params) (assoc-cdr "code" params #'equal)))

-  (defun run-callback-function (endpoint-schema params get-login-data get-app-user-cb)

+(defun run-callback-function (endpoint-schema params get-app-user-cb get-login-data)

+  (flet ((get-code (params) (assoc-cdr "code" params #'equal)))

     (let ((a-t (get-access-token endpoint-schema (get-code params))))

       (auth-callback-skeleton params (:endpoint-schema endpoint-schema

                                       :auth-session-vars (accesstoken userinfo idtoken app-user))

@@ -181,10 +160,14 @@

                 app-user (funcall get-app-user-cb user-info id-token access-token)))

         '(302 (:location "/"))))))

-(defmacro def-callback-generator (name generator-args callback-args &body body)

-  `(defun ,name ,generator-args

-     (lambda ,callback-args

-       ,@body)))

+(defmacro generate-auth-callback (name endpoint-schema params &body body)

+  (with-gensyms (get-app-user-cb cb-params)

+    `(defun ,name (,get-app-user-cb)

+       (lambda (,cb-params)

+         (run-callback-function

+           ,endpoint-schema ,cb-params ,get-app-user-cb

+           (lambda ,params

+             ,@body))))))

 (defmacro reject-when-state-invalid (params &body body)

   (alexandria:with-gensyms (received-state)

@@ -208,15 +191,6 @@

 (define-condition user-not-logged-in (error) ())

-(defmacro my-with-context-variables ((&rest vars) &body body)

-  "This improves fukamachi's version by permitting the variable to be stored somewhere

-   besides the symbol corresponding to the keyword."

-  `(symbol-macrolet

-       ,(loop for (var key) in (ensure-mapping vars)

-              for form = `(context ,(intern (string key) :keyword))

-              collect `(,var ,form))

-     ,@body))

-

 (defmacro ensure-logged-in (&body body)

   "Ensure that the user is logged in: otherwise throw the condition user-not-logged-in"

   (alexandria:with-gensyms (session userinfo)

@@ -226,13 +200,10 @@

            (error 'user-not-logged-in)

            (progn ,@body))))))

-(flet

-  ((handle-no-user (main-body handler-body)

-     `(handler-case

-        (ensure-logged-in ,@main-body)

-        (user-not-logged-in (e)

-                            (declare (ignorable e))

-                            ,@handler-body))))

+(flet ((handle-no-user (main-body handler-body)

+         `(handler-case (ensure-logged-in ,@main-body)

+            (user-not-logged-in (e) (declare (ignorable e))

+                                ,@handler-body))))

   (defmacro check-login (&body body)

     "Returns an HTTP 401 Error if not logged in."

@@ -245,21 +216,40 @@

                         (setf next-page (lack.request:request-path-info *request*))

                         '(302 (:location "/login")))))))

-(defun load-facebook-info (loadfrom)

-  (with-open-file (fbook-info (truename loadfrom))

-    (let* ((data (yason:parse fbook-info))

-           (client-id (gethash "client-id" data))

-           (secret (gethash "secret" data)))

-      (setf (client-id *FBOOK-INFO*) client-id)

-      (setf (secret *FBOOK-INFO*) secret))))

-

-(defun load-google-info (loadfrom)

-  (with-open-file (goog-info (truename loadfrom))

-    (let* ((data (yason:parse goog-info))

-           (client-id (gethash "client-id" data))

-           (secret (gethash "secret" data)))

-      (setf (client-id *GOOG-INFO*) client-id)

-      (setf (secret *GOOG-INFO*) secret))))

+(defparameter *fbook-info* (sheeple:clone =service-info=))

+(defparameter *goog-info* (sheeple:clone =service-info=))

+(defparameter *goog-endpoint-schema* (defobject (=endpoint-schema= *goog-info*)))

+

+(defproto *fbook-endpoint-schema* (=endpoint-schema= *fbook-info*)

+          ((auth-endpoint "https://www.facebook.com/dialog/oauth")

+           (token-endpoint "https://graph.facebook.com/v2.3/oauth/access_token")

+           (userinfo-endpoint "https://graph.facebook.com/v2.3/me")

+           (auth-scope "email")

+           (redirect-uri  "http://srv2.elangley.org:9090/oidc_callback/facebook")))

+

+(sheeple:defreply get-access-token ((endpoint-schema *fbook-endpoint-schema*) (code sheeple:=string=))

+  (cl-json:decode-json-from-string

+    (drakma:http-request (token-endpoint endpoint-schema)

+                         :method :post

+                         :redirect nil

+                         :parameters `(("code" . ,code)

+                                       ("client_id" . ,(client-id endpoint-schema))

+                                       ("app_id" . ,(client-id endpoint-schema))

+                                       ("client_secret" . ,(secret endpoint-schema))

+                                       ("redirect_uri" . ,(redirect-uri endpoint-schema))

+                                       ("grant_type" . "authorization_code")

+                                       ("")

+                                       ))))

+

+(sheeple:defreply get-user-info ((endpoint-schema *fbook-endpoint-schema*) (access-token sheeple:=string=))

+  (let ((endpoint (userinfo-endpoint endpoint-schema)))

+    (cl-json:decode-json-from-string

+      (drakma:http-request endpoint

+                           :parameters `(("access_token" . ,access-token))))))

+

+(defun load-provider-secrets (provider-info secrets)

+  (setf (client-id provider-info) (assoc-cdr :client-id secrets)

+        (secret provider-info) (assoc-cdr :secret secrets)))

 (defun goog-get-access-token (endpoint-schema code)

   (cl-json:decode-json-from-string

@@ -289,49 +279,35 @@

 (auth-entry-point google-login-entry *goog-endpoint-schema*)

 (auth-entry-point facebook-login-entry *fbook-endpoint-schema*)

-(labels ((get-real-access-token (a-t) (assoc-cdr :access--token a-t))

-         (get-id-token (a-t) (cljwt:decode (assoc-cdr :id--token a-t) :fail-if-unsupported nil))

-         (get-login-data (a-t)

-           (let ((access-token (get-real-access-token a-t)))

-             (values access-token

-                     (get-user-info *goog-endpoint-schema* access-token)

-                     (get-id-token a-t)))))

-

-  (def-callback-generator google-callback (get-app-user-cb) (params)

-    (run-callback-function *goog-endpoint-schema* params #'get-login-data get-app-user-cb)))

-

-(labels ((get-id-token (a-t) (assoc-cdr :access--token a-t)) ; <-- access--token is not a mistake 

-         (get-login-data (a-t)

-           (let ((id-token (get-id-token a-t)))

-             (values a-t (get-user-info *fbook-endpoint-schema* id-token) id-token))))

-

-  (def-callback-generator facebook-callback (get-app-user-cb) (params)

-    (run-callback-function *fbook-endpoint-schema* params #'get-login-data get-app-user-cb)))

-

-(defun userinfo-route (params)

-  (declare (ignore params))

-  (with-context-variables (session)

-    (require-login

-      (with-endpoints  (gethash :endpoint-schema session)

-        (cl-json:encode-json-to-string (gethash :userinfo session))))))

-

-(defun logout-route (params)

-  (declare (ignore params))

-  (with-context-variables (session)

-    (setf (gethash :userinfo session) nil)

-    '(302 (:location "/"))))

-

-(defun oauth2-login-middleware (app &key google-info facebook-info (login-callback #'identity))

-  (load-facebook-info facebook-info)

-  (load-goog-endpoint-schema)

-  (load-google-info google-info)

-  (setf (route app "/userinfo.json" :method :get) #'userinfo-route

-        (route app "/logout"  :method :get) #'logout-route

-        (route app "/login/google" :method :get) #'google-login-entry

-        (route app "/login/facebook" :method :get) #'facebook-login-entry

+(generate-auth-callback google-callback *goog-endpoint-schema* (a-t)

+  (labels ((get-real-access-token (a-t) (assoc-cdr :access--token a-t))

+           (get-id-token (a-t) (cljwt:decode (assoc-cdr :id--token a-t) :fail-if-unsupported nil)))

+    (let ((access-token (get-real-access-token a-t)))

+      (values access-token

+        (get-user-info *goog-endpoint-schema* access-token)

+        (get-id-token a-t)))))

+

+(generate-auth-callback facebook-callback *fbook-endpoint-schema* (a-t)

+  (labels ((get-id-token (a-t) (assoc-cdr :access--token a-t)))

+    ; ^-- access--token is not a mistake here

+    (let ((id-token (get-id-token a-t)))

+      (values a-t (get-user-info *fbook-endpoint-schema* id-token) id-token))))

+

+(defun initialize-oid-connect (facebook-info google-info)

+  "Load the Google and Facebook app secrets and initialize Google's openid-configuration

+   form its well-known document"

+  (load-provider-secrets *fbook-info* facebook-info)

+  (load-provider-secrets *goog-info* google-info) 

+  (load-goog-endpoint-schema))

+

+(defun bind-oid-connect-routes (app &optional (login-callback #'identity))

+  (setf (route app "/login/google" :method :get) (lambda (params) (google-login-entry params))

+        (route app "/login/facebook" :method :get) (lambda (params) (facebook-login-entry params))

         (route app "/oidc_callback/google" :method :get) (google-callback login-callback)

-        (route app "/oidc_callback/facebook" :method :get) (facebook-callback login-callback))

-  (lambda (app) (lambda (env) (funcall app env))))

+        (route app "/oidc_callback/facebook" :method :get) (facebook-callback login-callback)))

+

+(defmacro setup-oid-connect (app args &body callback)

+  `(bind-oid-connect-routes ,app (lambda ,args ,@callback)))

 (defmacro redirect-if-necessary (sessionvar &body body)

   (with-gensyms (session)

@@ -1,4 +1,6 @@

 (in-package :cl-user)

+(ql:quickload :clack-middleware-postmodern)

+

 (ql:quickload :cl-markup)

 (ql:quickload :cl-oid-connect)

 (ql:quickload :colors)

@@ -25,7 +27,7 @@

 (load "rss.lisp")

 (defpackage :whitespace

-  (:use #:cl #:whitespace.utils #:whitespace.feeds.rss #:whitespace.tables))

+  (:use #:cl #:anaphora #:whitespace.utils #:whitespace.feeds.rss #:whitespace.tables))

 (in-package plump-dom)

@@ -141,18 +143,18 @@

 ; ; ;  Ultimately, this will only serialize the feed if the client

 (cl-oid-connect:def-route ("/feeds/add" (params) :method :post :app *app*)

-  (ningle.context:with-context-variables (session) 

+  (ningle.context:with-context-variables (session)

     (let ((user-info (gethash :app-user session))

           (result '(302 (:location "/")))

-          (api (string= (cl-oid-connect:assoc-cdr "api" params 'string=) "yes")) 

-          (url (cl-oid-connect:assoc-cdr "url" params 'string=)) 

+          (api (string= (cl-oid-connect:assoc-cdr "api" params 'string=) "yes"))

+          (url (cl-oid-connect:assoc-cdr "url" params 'string=))

           (plump-parser:*tag-dispatchers* plump-parser:*xml-tags*))

       (cl-oid-connect:require-login

         (when (neither-null params user-info)

           (handler-case

             (let* ((doc (plump:parse (drakma:http-request url)))

                    (uid (slot-value user-info 'id)))

-              (multiple-value-bind (added-feed dao-feed) (store-feed doc) 

+              (multiple-value-bind (added-feed dao-feed) (store-feed doc)

                 (subscribe-to-feed uid (slot-value dao-feed 'id))

                 (when api

                   (setf result `(200 (:Content-Type "application/json") ,(jsonapi-encoder t added-feed))))))

@@ -182,38 +184,7 @@

                                                           collect (elt *feeds* x)))))

         (base-template-f)))))

-(defun login-callback (userinfo &rest args)

-  (declare (ignore args))

-  (postmodern:with-transaction ()

-    (let* ((received-id (anaphora:aif (cl-oid-connect:assoc-cdr :id userinfo)

-                          anaphora:it

-                          (cl-oid-connect:assoc-cdr :sub userinfo)))

-           (db-user (car (postmodern:select-dao 'reader_user (:= :foreign-id received-id)))))

-      (if (not (null db-user))

-        db-user

-        (progn

-          (let ((name (cl-oid-connect:assoc-cdr :name userinfo))

-                (first-name (anaphora:aif (cl-oid-connect:assoc-cdr :first--name userinfo)

-                              anaphora:it

-                              (cl-oid-connect:assoc-cdr :given--name userinfo)))

-                (last-name (anaphora:aif (cl-oid-connect:assoc-cdr :last--name userinfo)

-                             anaphora:it

-                             (cl-oid-connect:assoc-cdr :family--name userinfo)))

-                (email (cl-oid-connect:assoc-cdr :email userinfo))

-                (gender (cl-oid-connect:assoc-cdr :gender userinfo))

-                (link (anaphora:aif (cl-oid-connect:assoc-cdr :link userinfo)

-                        anaphora:it

-                        (cl-oid-connect:assoc-cdr :profile userinfo)))

-                (locale (cl-oid-connect:assoc-cdr :locale userinfo)))

-            (postmodern:make-dao 'reader_user

-                                 :foreign-id received-id

-                                 :first-name first-name

-                                 :last-name last-name

-                                 :name name

-                                 :email email

-                                 :gender gender

-                                 :link link

-                                 :locale locale)))))))

+

 (cl-oid-connect:def-route ("/demo" (params) :app *app*)

   (base-template-f t))

@@ -325,14 +296,45 @@

   (colors:let-palette (colors:invert-palette (make-instance 'colors:palette))

     (eval '(get-theme-css))))

-(defparameter oid-mw

-    (cl-oid-connect:oauth2-login-middleware

-      *app*

-      :facebook-info (truename "~/github_repos/cl-oid-connect/facebook-secrets.json")

-      :google-info (truename "~/github_repos/cl-oid-connect/google-secrets.json")

-      :login-callback #'login-callback))

+(cl-oid-connect:def-route ("/userinfo.json" (params) :app *app*)

+  (declare (ignore params))

+  (ningle:with-context-variables (session)

+    (cl-oid-connect:require-login

+      (cl-oid-connect::with-endpoints (gethash :endpoint-schema session)

+        `(200 (:content-type "application/json") ,(cl-json:encode-json-to-string (gethash :userinfo session)))))))

-(ql:quickload :clack-middleware-postmodern)

+(cl-oid-connect:def-route ("/logout" (params) :app *app*)

+  (declare (ignore params))

+  (ningle:with-context-variables (session)

+    (setf (gethash :userinfo session) nil)

+    '(302 (:location "/"))))

+

+(defun assoc-cdr-alternatives (alist alt1 alt2 &optional (test #'eql))

+  (aif (cl-oid-connect:assoc-cdr alt1 alist test)

+    it

+    (cl-oid-connect:assoc-cdr alt2 alist test)))

+

+(cl-oid-connect::setup-oid-connect *app* (userinfo &rest args)

+  (declare (ignore args) (optimize (speed 0) (safety 3) (debug 3)))

+  (flet ((get-received-id (userinfo) (assoc-cdr-alternatives userinfo :id :sub))

+         (get-db-user (received-id) (car (postmodern:select-dao 'reader_user (:= :foreign-id received-id)))) 

+         (get-first-name (userinfo) (assoc-cdr-alternatives userinfo :first--name :given--name))

+         (get-last-name (userinfo) (assoc-cdr-alternatives userinfo :last--name :family--name))

+         (get-link (userinfo) (assoc-cdr-alternatives userinfo :link :profile)))

+

+    (postmodern:with-transaction ()

+      (let ((received-id (get-received-id userinfo)))

+        (aif (get-db-user received-id) it

+          (postmodern:make-dao

+            'reader_user

+            :foreign-id received-id

+            :first-name (get-first-name userinfo)

+            :last-name (get-last-name userinfo)

+            :name (cl-oid-connect:assoc-cdr :name userinfo)

+            :email (cl-oid-connect:assoc-cdr :email userinfo)

+            :gender (cl-oid-connect:assoc-cdr :gender userinfo)

+            :link (get-link userinfo)

+            :locale (cl-oid-connect:assoc-cdr :locale userinfo)))))))

 (defun update-feed (url)

   (with-whitespace-db

@@ -382,6 +384,9 @@

   (defun stop () (clack:stop (pop handler)))

   (defun start (&optional tmp)

+    (cl-oid-connect:initialize-oid-connect

+      (ubiquitous:value 'facebook 'secrets)

+      (ubiquitous:value 'google 'secrets))

     (let ((server (if (> (length tmp) 1)

                     (intern (string-upcase (elt tmp 1)) 'keyword)

                     :hunchentoot)))

@@ -400,6 +405,6 @@

   (defun restart-clack ()

     (do () ((null handler)) (stop))

     (start)))

- 

+

 ; vim: foldmethod=marker foldmarker=(,) foldminlines=3 :

@@ -27,5 +27,6 @@

     #:assoc-cdr

     #:session ; private!!

     #:vars-to-symbol-macrolets

+    #:initialize-oid-connect

     ))