Merge branch 'master' into feature/tokens

1 files changed, 62 insertions, 19 deletions

diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
index fb443f80..3748b673 100644
--- a/manpages/taler.conf.5.rst
+++ b/manpages/taler.conf.5.rst
@@ -98,10 +98,6 @@ NAME
   Long human-readable name for the currency. No restrictions,
   but should match the official name in English.
 
-DECIMAL_SEPARATOR
-  What symbol should be used to separate fractional digits.
-  Typical values are "." or ",".
-
 FRACTIONAL_INPUT_DIGITS
   Number of fractional digits that users are allowed to enter
   manually in the user interface.
@@ -117,11 +113,6 @@ FRACTIONAL_TRAILING_ZERO_DIGITS
   even if these digits are all zero. For example, use 2 to
   render 1 USD as $1.00.
 
-IS_CURRENCY_NAME_LEADING
-  When rendering amounts, should the currency name or symbol
-  be before the amount ("$10") or after ("3,50 €"). Use "YES"
-  to render the symbol before, "NO" to render it afterwards.
-
 ALT_UNIT_NAMES
   JSON map determining how to encode very large or very tiny
   amounts in this currency. Maps a base10 logarithm to the
@@ -160,7 +151,9 @@ BIND_TO
 
 MASTER_PUBLIC_KEY
   Crockford Base32-encoded master public key, public version of the
-  exchange's long-time offline signing key.
+  exchange's long-time offline signing key.  This configuration option
+  is also used by the **auditor** to determine the public key of the
+  exchange which it is auditing.
 
 AML_THRESHOLD
   Largest amount in this currency that can be transferred per month without
@@ -169,15 +162,8 @@ AML_THRESHOLD
 KYC_AML_TRIGGER
   Program to run on KYC attribute data to decide whether we should immediately flag an account for AML review. Program must return 0 if a manual AML review is not needed, and non-zero to trigger an AML review. The KYC attribute data of the new user will be passed on standard-input.
 
-ENABLE_REWARDS
-  This option can be used to announce that an exchange does not allow
-  the use of the reserves for rewards. The default is YES which means
-  that rewards are allowed.  The option merely announces that
-  rewards is enabled or disabled, and protocol-compliant merchant
-  backends will then enable or disable the feature accordingly.
-
 STEFAN_ABS
-  Absolte amount to add as an offset in the STEFAN fee approximation
+  Absolute amount to add as an offset in the STEFAN fee approximation
   curve (see DD47).  Defaults to CURRENCY:0 if not specified.
 
 STEFAN_LOG
@@ -287,7 +273,7 @@ KYC_OAUTH2_VALIDITY
   Duration (e.g. "12 months") of the validity of the performed KYC check. Can be "forever".
 
 KYC_OAUTH2_AUTHORIZE_URL
-  URL of the OAuth2 endpoint to be used for KYC checks. The authorize URL is where the exchange will redirect the client to begin the authorization process.  Example: "http://localhost:8888/oauth/v2/authorize". To use the plugin in combination with the Challenger service's ``/setup`` step, append "#setup", thus "https://challenger.example.com/authorize#setup".  Here, "#setup" is not a fragment but merely a hint to the logic to determine the full authorization URL via the ``/setup`` handler.
+  URL of the OAuth2 endpoint to be used for KYC checks. The authorize URL is where the exchange will redirect the client to begin the authorization process.  Example: "http://localhost:8888/oauth/v2/authorize". To use the plugin in combination with the Challenger service's ``/setup`` step, append "#setup", thus "https://challenger.example.com/authorize#setup".  Here, "#setup" is not a fragment but merely a hint to the logic to determine the full authorization URL via the ``/setup/$CLIENT_ID`` handler.
 
 KYC_OAUTH2_TOKEN_URL
   URL of the OAuth2 endpoint to be used for KYC checks. This is where the server will ultimately send the authorization token from the client and obtain its access token (which currently must be a "bearer" token). Example: "http://localhost:8888/oauth/v2/token" (or just "/token")
@@ -304,6 +290,15 @@ KYC_OAUTH2_CLIENT_SECRET
 KYC_OAUTH2_POST_URL
   URL to which the exchange will redirect the client's browser after successful authorization/login for the KYC process. Example: "http://example.com/thank-you"
 
+KYC_OAUTH2_CONVERTER_HELPER
+  Helper to convert JSON with KYC data returned by the OAuth2.0 info endpoint into GNU Taler internal format. Specific to the OAuth 2.0 provider.
+
+KYC_OAUTH2_DEBUG_MODE
+  Set to YES to allow error responses to include potentially
+  sensitive private information (such as full responses
+  from the OAuth 2.0 server) that might aid in debugging
+  problems.  Should be set to "NO" in production.
+
 
 EXCHANGE KYC KYCAID OPTIONS
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -664,6 +659,9 @@ DB
 SERVE
   Should the HTTP server listen on a UNIX domain socket (set option to "unix") or on a TCP socket (set option to "tcp")?
 
+BASE_URL
+  Which base URL should the merchant backend assume for itself in the protocol. Optional. If not given, the base URL will be constructed from X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Prefix headers that a reverse-proxy should be setting.
+
 UNIXPATH
   Path to listen on if we "SERVE" is set to "unix".
 
@@ -787,6 +785,51 @@ RAM_LIMIT
   This gives the number of transactions to keep in memory. Older transactions will be overwritten and history requests for overwritten transactions will fail.
 
 
+Taler-mdb Options
+-----------------
+
+Taler-mdb is a component to run GNU Taler as a payment system on
+vending machines using the multi-drop bus protocol. These options
+are thus not useful for most users.  Note that right now, the
+cancel button is hard-coded to be using GPIO pin 23.
+
+ADVERTISEMENT_COMMAND
+  Program to run while not vending, possibly useful to show advertisements on the screen (optional).
+ESSID
+  ESSID to advertise to wallets for use as an open WiFi to make payments (optional).
+FULFILLMENT_MSG
+  Message shown to users by their wallets upon successful payment. If "${PRODUCT_DESCRIPTION}" appears in the message, it will be replaced with the description of the product that was sold.
+BACKEND_BASE_URL
+  Base URL (possibly including instance) for the Taler merchant backend used to process payments.
+BACKEND_AUTHORIZATION
+  Full HTTP "Authorization" header (usually with a Bearer token) to be send to the merchant backend for authorization of requests. Mandatory.
+FRAMEBUFFER_BACKLIGHT
+  Name of the file used to control brightness of the display. Optional. Defaults to "/sys/class/backlight/soc:backlight/brightness" if not given.
+FRAMEBUFFER_DEVICE
+  Name of the framebuffer device to use. Defaults to "/dev/fb1" if not given.
+UART_DEVICE
+  Name of the UART device to use. Defaults to "/dev/ttyAMA0" if not given.
+FAIL_COMMAND
+  Command to run to display a failure to the user. If not given, errors will not be properly shown.
+
+Each products being sold must be configured in a section where the name starts with "product-".
+In these sections, the options that must be provided are:
+
+NUMBER
+  Number identifying the slot in the vending machine that corresponds to this product.
+INSTANCE
+  Instance to use for the payment. Optional. If not given, the BACKEND_BASE_URL from "[taler-mdb]" will be used.
+BACKEND_AUTHORIZATION
+  Full HTTP "Authorization" header (usually with a Bearer token) to be send to the merchant backend for authorization of requests. Optional, will use global BACKEND_AUTHORIZATION setting from "[taler-mdb]" if missing.
+DESCRIPTION
+  Human-readable description of the product. Use "empty" if the product is known to be sold out (only effective if selling out is enabled via command-line).
+PRICE
+  Actual price of the product, as a Taler amount ("$CURRENCY:$VALUE.$FRACTION").
+KEY
+  Key used to select the product from the console during testing. Optional.
+THUMBNAIL
+  Name of a filename with a preview image of the product to be given to the wallet. Optional. Only ".png", ".jpg", ".jpeg" and ".svg" are supported at this time.
+
 
 SEE ALSO
 ========