From 1a377d729b3c00a4f14b6ad9b3f6bf7e2770f1b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi@yaal.coop>
Date: Fri, 22 Nov 2024 16:24:12 +0100
Subject: [PATCH] doc: documentation translation basic configuration

---
 CONTRIBUTING.rst                              |   16 +-
 doc/conf.py                                   |    5 +
 doc/features.rst                              |    2 +-
 doc/gettext/.gitignore                        |    3 +
 doc/gettext/development/changelog.pot         | 1712 +++++++++++++
 doc/gettext/development/contributing.pot      |  400 +++
 doc/gettext/development/index.pot             |   22 +
 doc/gettext/development/specifications.pot    |  542 +++++
 doc/gettext/features.pot                      |  597 +++++
 doc/gettext/index.pot                         |   97 +
 doc/gettext/locales/readme.pot                |   52 +
 doc/gettext/references/commands.pot           |  366 +++
 doc/gettext/references/configuration.pot      |  743 ++++++
 doc/gettext/references/index.pot              |   22 +
 doc/gettext/references/models.pot             |  632 +++++
 doc/gettext/tutorial/databases.pot            |  153 ++
 doc/gettext/tutorial/deployment.pot           |  122 +
 doc/gettext/tutorial/index.pot                |   22 +
 doc/gettext/tutorial/install.pot              |  132 +
 doc/gettext/tutorial/troubleshooting.pot      |   92 +
 doc/locales/fr_FR/LC_MESSAGES/development.po  | 2152 +++++++++++++++++
 .../LC_MESSAGES/development/changelog.po      | 1392 +++++++++++
 .../LC_MESSAGES/development/contributing.po   |  406 ++++
 .../fr_FR/LC_MESSAGES/development/index.po    |   25 +
 .../LC_MESSAGES/development/specifications.po |  491 ++++
 doc/locales/fr_FR/LC_MESSAGES/features.po     |  664 +++++
 doc/locales/fr_FR/LC_MESSAGES/index.po        |   93 +
 doc/locales/fr_FR/LC_MESSAGES/references.po   | 1831 ++++++++++++++
 .../fr_FR/LC_MESSAGES/references/commands.po  |  311 +++
 .../LC_MESSAGES/references/configuration.po   |  836 +++++++
 .../fr_FR/LC_MESSAGES/references/index.po     |   25 +
 .../fr_FR/LC_MESSAGES/references/models.po    |  948 ++++++++
 doc/locales/fr_FR/LC_MESSAGES/tutorial.po     |  466 ++++
 .../fr_FR/LC_MESSAGES/tutorial/databases.po   |  161 ++
 .../fr_FR/LC_MESSAGES/tutorial/deployment.po  |  134 +
 .../fr_FR/LC_MESSAGES/tutorial/index.po       |   25 +
 .../fr_FR/LC_MESSAGES/tutorial/install.po     |  131 +
 .../LC_MESSAGES/tutorial/troubleshooting.po   |  102 +
 doc/locales/readme.rst                        |   29 +
 pyproject.toml                                |    3 +-
 uv.lock                                       |   17 +
 41 files changed, 15966 insertions(+), 8 deletions(-)
 create mode 100644 doc/gettext/.gitignore
 create mode 100644 doc/gettext/development/changelog.pot
 create mode 100644 doc/gettext/development/contributing.pot
 create mode 100644 doc/gettext/development/index.pot
 create mode 100644 doc/gettext/development/specifications.pot
 create mode 100644 doc/gettext/features.pot
 create mode 100644 doc/gettext/index.pot
 create mode 100644 doc/gettext/locales/readme.pot
 create mode 100644 doc/gettext/references/commands.pot
 create mode 100644 doc/gettext/references/configuration.pot
 create mode 100644 doc/gettext/references/index.pot
 create mode 100644 doc/gettext/references/models.pot
 create mode 100644 doc/gettext/tutorial/databases.pot
 create mode 100644 doc/gettext/tutorial/deployment.pot
 create mode 100644 doc/gettext/tutorial/index.pot
 create mode 100644 doc/gettext/tutorial/install.pot
 create mode 100644 doc/gettext/tutorial/troubleshooting.pot
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/development.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/development/changelog.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/development/contributing.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/development/index.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/development/specifications.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/features.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/index.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/references.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/references/commands.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/references/configuration.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/references/index.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/references/models.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/tutorial.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/tutorial/databases.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/tutorial/deployment.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/tutorial/index.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/tutorial/install.po
 create mode 100644 doc/locales/fr_FR/LC_MESSAGES/tutorial/troubleshooting.po
 create mode 100644 doc/locales/readme.rst

diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 668bcd06..ac77b84b 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -157,11 +157,6 @@ The dynamical parts of the interface use `htmx <https://htmx.org/>`_.
   not depend on jQuery at all.
   See the `related issue <https://gitlab.com/yaal/canaille/-/issues/130>`_.
 
-Translations
-------------
-
-.. include:: ../../canaille/translations/README.rst
-
 Documentation
 -------------
 
@@ -179,6 +174,17 @@ You can also run sphinx by hand, that should be faster since it avoids the tox e
 
 The generated documentation is located at ``build/sphinx/html``.
 
+Code translation
+----------------
+
+.. include:: ../../canaille/translations/README.rst
+
+
+Documentation translation
+-------------------------
+
+.. include:: ../locales/readme.rst
+
 Publish a new release
 ---------------------
 
diff --git a/doc/conf.py b/doc/conf.py
index 6bc50b49..56eccd50 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -163,3 +163,8 @@ autodoc_pydantic_settings_show_field_summary = False
 autodoc_pydantic_settings_signature_prefix = ""
 autodoc_pydantic_field_signature_prefix = ""
 autodoc_pydantic_field_list_validators = False
+
+# -- Translation options ------------------------------------------------------
+# Advised by https://docs.readthedocs.io/en/latest/guides/manage-translations-sphinx.html#create-translatable-files
+gettext_uuid = True
+gettext_compact = False
diff --git a/doc/features.rst b/doc/features.rst
index 884e02d7..42120f2c 100644
--- a/doc/features.rst
+++ b/doc/features.rst
@@ -184,7 +184,7 @@ Internationalization
    :align: right
    :width: 600px
 
-Canaile will display in your :attr:`preferred language <canaille.core.models.User.preferred_language>` if available, or your browser language if available (and if it is not you can :ref:`help us with the translation <development/contributing:Translations>`).
+Canaile will display in your :attr:`preferred language <canaille.core.models.User.preferred_language>` if available, or your browser language if available (and if it is not you can :ref:`help us with the translation <development/contributing:Code translation>`).
 If you prefer, you can also :attr:`force a language <canaille.core.configuration.CoreSettings.FAVICON>` for every users.
 
 .. _feature_ui:
diff --git a/doc/gettext/.gitignore b/doc/gettext/.gitignore
new file mode 100644
index 00000000..45b334b8
--- /dev/null
+++ b/doc/gettext/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.pot
diff --git a/doc/gettext/development/changelog.pot b/doc/gettext/development/changelog.pot
new file mode 100644
index 00000000..906673e4
--- /dev/null
+++ b/doc/gettext/development/changelog.pot
@@ -0,0 +1,1712 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../development/changelog.rst:2
+#: cee2d74ca8664599915e60ddd280d3a1
+msgid "Release notes"
+msgstr ""
+
+#: ../development/changelog.rst:4
+#: 9f61eac5446e43c086346be946d55874
+msgid "All notable changes to this project will be documented in there."
+msgstr ""
+
+#: ../development/changelog.rst:6
+#: fc16b680bffd404ba87f713b1872f7d7
+msgid "The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_, and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_."
+msgstr ""
+
+#: ../../CHANGES.rst:2
+#: 176caee18a1649b58f7f78780e367f55
+msgid "[0.0.57] - Unreleased"
+msgstr ""
+
+#: ../../CHANGES.rst:5
+#: ../../CHANGES.rst:20
+#: ../../CHANGES.rst:48
+#: ../../CHANGES.rst:67
+#: ../../CHANGES.rst:74
+#: ../../CHANGES.rst:93
+#: ../../CHANGES.rst:151
+#: ../../CHANGES.rst:177
+#: ../../CHANGES.rst:192
+#: ../../CHANGES.rst:241
+#: ../../CHANGES.rst:267
+#: ../../CHANGES.rst:286
+#: ../../CHANGES.rst:294
+#: ../../CHANGES.rst:303
+#: ../../CHANGES.rst:327
+#: ../../CHANGES.rst:360
+#: ../../CHANGES.rst:386
+#: ../../CHANGES.rst:433
+#: ../../CHANGES.rst:461
+#: ../../CHANGES.rst:491
+#: ../../CHANGES.rst:547
+#: ../../CHANGES.rst:580
+#: ../../CHANGES.rst:601
+#: ../../CHANGES.rst:611
+#: ../../CHANGES.rst:634
+#: ../../CHANGES.rst:701
+#: ../../CHANGES.rst:739
+#: ../../CHANGES.rst:756
+#: ../../CHANGES.rst:792
+#: 4c25fff981724a85a7e32a726386f4b6
+#: 750629c62e4044538acf33d77d334edd
+#: c9231a93d74b407eac3965cdeaceb6e5
+#: 73409ee3658b4695a0f4c9173079e294
+#: 7e3b6d660f23487dbc3705b845d1909e
+#: 212eeb8eb18e407087a15d8a49fc4676
+#: 8d0f993945da42398fc1814e59dc6aac
+#: 83216da7c765416aaabc94d33b383825
+#: fd843d87ba63404a86ee089c82c2bc72
+#: b91280ce221b4489b8647fee434ca467
+#: f1299bdd6d094f40946b22afdc148141
+#: 659ee00d0fae4dde90f067bb24393b77
+#: 03d02379aebf4dd1b051d6e2833c5042
+#: ca581a37be43466fb99262481fd0150e
+#: 5a3f2e290d2f4d069f5545fba8dbf4ca
+#: fe3ed04c591b4d848d8d5798f3f6e5cb
+#: 40cdcf26cedb42d2bbafe6b4f99ffdfb
+#: 1b4f0a77d075474682a8eba4d3ed73c6
+#: 46cebcf957bb44b2896e2c0eab3df957
+#: 17a12737fbb2472db3676476ed9a5ae4
+#: 1c1901efbdd54a83b5071316076f221c
+#: 5e6e17e6f9cf491787a3b80ca2270305
+#: ba81b7b42a8b4f13a73572776cdb3225
+#: 581cc9d3d0e54b22aec75b75fae07933
+#: 6cf0b9cb098e4e55be4037c0d650dfef
+#: d6d408475e7f4ab3b896cd847632077c
+#: 42b2c8dc18b044598ef2c49db8b33424
+#: af4301e13bd34845b697f5947d95a050
+#: e25b4340ff4c4feab62077c20fc13c52
+msgid "Added"
+msgstr ""
+
+#: ../../CHANGES.rst:6
+#: 04a58cf7e7834c2481a71edcaf3b5329
+msgid "Password compromission check :issue:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:7
+#: c975d3b0332f49b6b6ebebd4a25fe8de
+msgid ":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and :attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK` and :attr:`~canaille.core.configuration.CoreSettings.API_URL_HIBP` :issue:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:13
+#: 51c0be75aeb44c16aede6138e5ea5278
+msgid "[0.0.56] - 2024-11-07"
+msgstr ""
+
+#: ../../CHANGES.rst:16
+#: ../../CHANGES.rst:58
+#: ../../CHANGES.rst:97
+#: ../../CHANGES.rst:105
+#: ../../CHANGES.rst:113
+#: ../../CHANGES.rst:120
+#: ../../CHANGES.rst:127
+#: ../../CHANGES.rst:141
+#: ../../CHANGES.rst:169
+#: ../../CHANGES.rst:182
+#: ../../CHANGES.rst:200
+#: ../../CHANGES.rst:219
+#: ../../CHANGES.rst:227
+#: ../../CHANGES.rst:253
+#: ../../CHANGES.rst:261
+#: ../../CHANGES.rst:281
+#: ../../CHANGES.rst:311
+#: ../../CHANGES.rst:341
+#: ../../CHANGES.rst:349
+#: ../../CHANGES.rst:373
+#: ../../CHANGES.rst:393
+#: ../../CHANGES.rst:415
+#: ../../CHANGES.rst:425
+#: ../../CHANGES.rst:446
+#: ../../CHANGES.rst:454
+#: ../../CHANGES.rst:477
+#: ../../CHANGES.rst:500
+#: ../../CHANGES.rst:512
+#: ../../CHANGES.rst:521
+#: ../../CHANGES.rst:530
+#: ../../CHANGES.rst:539
+#: ../../CHANGES.rst:559
+#: ../../CHANGES.rst:566
+#: ../../CHANGES.rst:616
+#: ../../CHANGES.rst:624
+#: ../../CHANGES.rst:649
+#: ../../CHANGES.rst:657
+#: ../../CHANGES.rst:665
+#: ../../CHANGES.rst:678
+#: ../../CHANGES.rst:692
+#: ../../CHANGES.rst:724
+#: ../../CHANGES.rst:747
+#: ../../CHANGES.rst:778
+#: 42738488d0cf4f66a77e005a55e290e8
+#: b98fb6a8cacf415ca3c53c7ddc4e22e9
+#: 11394506a65245eb97de436c93823315
+#: ee6a0099b2904cfda658ff66ca10e4f3
+#: 1639c0698abc45459c1cfb17c37b0514
+#: e8843468135d4c548d4b79c3759af294
+#: a23b09b89a12445ebffef8538aab76d3
+#: ffd91459cc9c4de897baf2756c187e45
+#: 1ca5e47e97f645beb4bba6567010345c
+#: aefb210d9c6f41ea854143c1cb9bbc9a
+#: 312d03c8b38a48b78dd1a415eeffabbf
+#: 5dfc75e88c184131b09bf8568175e3db
+#: ac580f4561174a13bd23aed4b74d2491
+#: 9221c65cb0cc4e389cc9aa8ec32ccdbe
+#: 5b37d7b0b8334ddb98029ddd2bc14051
+#: bec6e1a3b5d14ae8b81603e179242d4d
+#: 879816a68817405b816e7f0f1c8129b5
+#: a88d99f7ac2640d3bd85449fcb0d0365
+#: 52f77ff506d14db887cf146ba9a5f0fe
+#: 9cf9c3eb08b24833a4af419f21e9cac4
+#: c680781f6a504047a9812ca83bfbe448
+#: 015dc130ebe4415f925c3e5cef4e6f1a
+#: 361d92de2b444933989df8b096385138
+#: 5d8e85bfe38746259487a7ba76550510
+#: e1a9daee27e84471844d288df2446f0d
+#: 3d5f2ec255df4289955102489c73cd41
+#: a06dc1405adb4035ace012fe8c083cac
+#: 79e504d7c9cd41ffa2dca1fade130fd1
+#: f7bb9867e46848fa83edf25a2b97d294
+#: 960fa0f802aa49dd861e683a7d531356
+#: 515e67e14bce4621a1cd7a57363b951e
+#: 2a3b48836b164e11801bed7f1a89da8a
+#: 8c7249cc4a60479ab49ae1bac2ac3bc0
+#: 2ec760c8683a4f8eb3e3127dc355e753
+#: 3e0c977c3e794ac8b3ed9fc517248885
+#: ad188fa7b22d46a69ba5da4f563e2d3c
+#: e7252cb4bb4a4d99a231ac6d834a5b42
+#: dd4eb2fd4ffe4069aa4badd648d2cb2b
+#: d3e5d400c9ac45d987f243139c369eac
+#: 8d2427f6b4594c5294f673864dd1fbea
+#: 73c3b57276a246179cf93c7e7d211ada
+#: dbcd039df2c84c4f976ef11e9c158290
+#: 424c3e3794c6400fb5c4b9af550532ad
+msgid "Fixed"
+msgstr ""
+
+#: ../../CHANGES.rst:17
+#: f9e9801f2c7b4bc09a3c14abc1314428
+msgid "With LDAP backend, updating another user groups could result in a permission lost for the editor. :issue:`202`"
+msgstr ""
+
+#: ../../CHANGES.rst:21
+#: 60e50e5541d045969fedda4d3329f4fc
+msgid ":attr:`~canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGHT` and :attr:`~canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGHT` configuration options :issue:`174`"
+msgstr ""
+
+#: ../../CHANGES.rst:23
+#: 39d0ccccd7904439b96d09fc13aaeac8
+msgid "Password strength visual indicator :issue:`174`"
+msgstr ""
+
+#: ../../CHANGES.rst:24
+#: 2239db87571047189bfe06a8b7079f1f
+msgid "Security events logs :issue:`177`"
+msgstr ""
+
+#: ../../CHANGES.rst:25
+#: 26fd943ceadf4ae8aa8f44c05a11fb1c
+msgid "Support for Python 3.13 :pr:`186`"
+msgstr ""
+
+#: ../../CHANGES.rst:28
+#: ../../CHANGES.rst:41
+#: ../../CHANGES.rst:53
+#: ../../CHANGES.rst:78
+#: ../../CHANGES.rst:86
+#: ../../CHANGES.rst:134
+#: ../../CHANGES.rst:158
+#: ../../CHANGES.rst:210
+#: ../../CHANGES.rst:247
+#: ../../CHANGES.rst:316
+#: ../../CHANGES.rst:332
+#: ../../CHANGES.rst:368
+#: ../../CHANGES.rst:405
+#: ../../CHANGES.rst:440
+#: ../../CHANGES.rst:483
+#: ../../CHANGES.rst:587
+#: ../../CHANGES.rst:641
+#: ../../CHANGES.rst:673
+#: ../../CHANGES.rst:687
+#: 293d64938a87465893ec3ad67a871af6
+#: 203bb49fb100486cb6299e880c588a8a
+#: 6ac31bd58d3049a1b0dae9b383b006e2
+#: 4d64a7797e2647bf8fe305b53436f22d
+#: ab636c0449144e8babb00b421b86dd03
+#: 3215a53d28a043c58a40ddf79f9a4b89
+#: 0cef5559da744d89b0194a2e974f042d
+#: defad26fb8394b8daeb45f1814b3f6fb
+#: 1a662595a4f34eaa8035ca70517d7043
+#: 62ffcbd328624249b11c7b1dc024ce3e
+#: ce0dc070b8b148b2914c149c2f27353f
+#: 58cfff3b2e0346a794a2b0f690e63a74
+#: a47093f14bae462a8c49b347168ab715
+#: d3151b392aca4a24aa454404e9d2e1e8
+#: ab28665de6cc4e31b26d5a5fbd635fbd
+#: 92095c34f5ea49d3bf16bdfe2eae3346
+#: 445d7f52f3bb4c33a9ef38e966ecec6d
+#: ec24d18d38614325a599040215dbd79b
+#: 79ce14e63e194ee0b2f03e4a80ef6f3a
+msgid "Changed"
+msgstr ""
+
+#: ../../CHANGES.rst:29
+#: eff0de924f894a60942f4d7c677b991d
+msgid "Update to HTMX 2.0.3 :pr:`184`"
+msgstr ""
+
+#: ../../CHANGES.rst:30
+#: d2eeb1968c15463bb81ce2e800d3bdcf
+msgid "Migrate from poetry to uv :pr:`187`"
+msgstr ""
+
+#: ../../CHANGES.rst:31
+#: 90ff671ba1fe480b9dc2e2e48f79f330
+msgid "The ``sql`` package extra is now split between ``sqlite``, ``postgresql`` and ``mysql``."
+msgstr ""
+
+#: ../../CHANGES.rst:34
+#: ../../CHANGES.rst:378
+#: ../../CHANGES.rst:784
+#: 5c55c689df4e4773ae65886d3b3b899b
+#: bc2d074a59a146f4bfaafdba8554dc7e
+#: 6a052788dc6940d7aaf1548ebea6fe72
+msgid "Removed"
+msgstr ""
+
+#: ../../CHANGES.rst:35
+#: 0fd4f6e2e83d4afa878a11a279e1d307
+msgid "End support for python 3.9. :pr:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:38
+#: db996d00b2704efc9e9f346d593c4ae7
+msgid "[0.0.55] - 2024-08-30"
+msgstr ""
+
+#: ../../CHANGES.rst:42
+#: 830d274ba5c84c0f88801a277ab0931d
+msgid "Use poetry-core build backend. :pr:`178`"
+msgstr ""
+
+#: ../../CHANGES.rst:45
+#: fbc43e0a98b94a009841053e6dbfac86
+msgid "[0.0.54] - 2024-07-25"
+msgstr ""
+
+#: ../../CHANGES.rst:49
+#: fe9b748d30204293ab190fa40bc4991e
+msgid "Group member removal can be achieved from the group edition page :issue:`192`"
+msgstr ""
+
+#: ../../CHANGES.rst:50
+#: b10b2b51af1a4fd9b141096755ef707e
+msgid "Model management commands :issue:`117` :issue:`54`"
+msgstr ""
+
+#: ../../CHANGES.rst:54
+#: 58102a281bb64238bee8dc4d65ffc58d
+msgid "Model `identifier_attributes` are fixed."
+msgstr ""
+
+#: ../../CHANGES.rst:55
+#: 6bebedf8624b4d39a0b87e495697c16a
+msgid "Bump to htmx 1.9.12 :pr:`172`"
+msgstr ""
+
+#: ../../CHANGES.rst:60
+#: 1565775ca2364457a0c1b0d3316d99a0
+msgid "Dark theme colors for better readability"
+msgstr ""
+
+#: ../../CHANGES.rst:61
+#: 8133e538453f4bc68497fb402c3e262b
+msgid "Crash for passwordless users at login when no SMTP server was configured."
+msgstr ""
+
+#: ../../CHANGES.rst:64
+#: 7e4da3e8640247f799cad54f03a8bd86
+msgid "[0.0.53] - 2024-04-22"
+msgstr ""
+
+#: ../../CHANGES.rst:68
+#: 07f0ada2380e4aab9f58e9fd69ae9f45
+msgid "`env_prefix` create_app variable can select the environment var prefix."
+msgstr ""
+
+#: ../../CHANGES.rst:71
+#: f0cdd7e4fd4446cc8b5ae04d8d40d4e3
+msgid "[0.0.52] - 2024-04-22"
+msgstr ""
+
+#: ../../CHANGES.rst:75
+#: d44dc6539edd4469ace50d952b38fde6
+msgid "`env_file` create_app variable can customize/disable the .env file"
+msgstr ""
+
+#: ../../CHANGES.rst:79
+#: 597da17368934d44b19bc56af588d612
+msgid "Locked users cannot be impersonated anymore."
+msgstr ""
+
+#: ../../CHANGES.rst:80
+#: 6933111b07624644bb9554186b9a9f6b
+msgid "Minimum python requirement is 3.9."
+msgstr ""
+
+#: ../../CHANGES.rst:83
+#: bed0a654b0da4d23a54beb3b57a320bc
+msgid "[0.0.51] - 2024-04-09"
+msgstr ""
+
+#: ../../CHANGES.rst:87
+#: aa16f0469d0f4509a054018dec17ec13
+msgid "Display the menu bar on error pages."
+msgstr ""
+
+#: ../../CHANGES.rst:90
+#: e276a890988547d89123f63d2c5d9fa7
+msgid "[0.0.50] - 2024-04-09"
+msgstr ""
+
+#: ../../CHANGES.rst:94
+#: 6806fb1403984e8ea220310b79c83023
+msgid "Sign in/out events are logged in :issue:`177`"
+msgstr ""
+
+#: ../../CHANGES.rst:98
+#: 8a88d1b3a4214a94b1c5d7b85749ac53
+msgid "HTMX and JAVASCRIPT configuration settings."
+msgstr ""
+
+#: ../../CHANGES.rst:99
+#: 87d7c745b0fe4b09b0c95ade6ab3bd88
+msgid "Compatibility with old sessions IDs."
+msgstr ""
+
+#: ../../CHANGES.rst:102
+#: 8291ad8603504d89bf3615e3ec1258df
+msgid "[0.0.49] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:106
+#: cac88357700a4f86a6ee604a9d4d92be
+msgid "LDAP user group removal."
+msgstr ""
+
+#: ../../CHANGES.rst:107
+#: 62fc42174a3042e7bde72c8b6771292b
+msgid "Display an error message when trying to remove the last user from a group."
+msgstr ""
+
+#: ../../CHANGES.rst:110
+#: 48275075792a404ab792306e4427c94c
+msgid "[0.0.48] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:114
+#: 283bc25944e94d7d8c0c62f0de5d8ab3
+msgid "LDAP objectClass guessing exception."
+msgstr ""
+
+#: ../../CHANGES.rst:117
+#: 0f0a72a7e1e249ff8bb95709bb102119
+msgid "[0.0.47] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:121
+#: f2f86bb8b91b46a3ad35baacd3877164
+msgid "Lazy permission loading exception."
+msgstr ""
+
+#: ../../CHANGES.rst:124
+#: 4dfbf13cd2084fcea2c843c0e4b390f4
+msgid "[0.0.46] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:128
+#: 0c761c1280744e35bd8fde5bd0d54100
+msgid "Saving an object with the LDAP backend keeps the objectClass un-managed by Canaille. :pr:`171`"
+msgstr ""
+
+#: ../../CHANGES.rst:131
+#: e4a82b1365294aeaa39cd175f28a8ff6
+msgid "[0.0.45] - 2024-04-04"
+msgstr ""
+
+#: ../../CHANGES.rst:135
+#: b86b1daec3f044bca22238704340a4f1
+msgid "Internal indexation mechanism of :class:`~canaille.backends.memory.model.MemoryModel`"
+msgstr ""
+
+#: ../../CHANGES.rst:138
+#: ec1d0b19eac54d588e4429bc318cf690
+msgid "[0.0.44] - 2024-03-29"
+msgstr ""
+
+#: ../../CHANGES.rst:142
+#: ed17aa45b3954a43ba5baa6f37b95061
+msgid "Fix the default LDAP USER_FILTER value"
+msgstr ""
+
+#: ../../CHANGES.rst:143
+#: 322b1d5d705d4662ac3e781469785038
+msgid "Fix the OIDC feature detection"
+msgstr ""
+
+#: ../../CHANGES.rst:146
+#: 5eeb5d32f4674d6fbd5ec1d8003a160d
+msgid "[0.0.43] - 2024-03-29"
+msgstr ""
+
+#: ../../CHANGES.rst:148
+#: 71c80e5e86924435b6926d820ab27a98
+msgid "🚨Configuration files must be updated.🚨"
+msgstr ""
+
+#: ../../CHANGES.rst:153
+#: f835cb7058fc48da8651e3ec1decd644
+msgid "Add `created` and `last_modified` datetime for all models"
+msgstr ""
+
+#: ../../CHANGES.rst:154
+#: 3684841a407543f5910cd9e62ac628e5
+msgid "Sitemap to the documentation :pr:`169`"
+msgstr ""
+
+#: ../../CHANGES.rst:155
+#: f91d1039d2184260ae741c1786f7e91e
+msgid "Configuration management with pydantic-settings :issue:`138` :pr:`170`"
+msgstr ""
+
+#: ../../CHANGES.rst:160
+#: 6fd58b27e3bd4441bd641c7b8ed35819
+msgid "Use default python logging configuration format. :issue:`188` :pr:`165`"
+msgstr ""
+
+#: ../../CHANGES.rst:161
+#: ba09a3914d6d4f1d80ff26cbbbabd038
+msgid "Bump to htmx 1.99.11 :pr:`166`"
+msgstr ""
+
+#: ../../CHANGES.rst:162
+#: 1f2266f5a92d49f6ac39679a50950332
+msgid "Use the standard tomllib python module instead of `toml` starting from python 3.11 :pr:`167`"
+msgstr ""
+
+#: ../../CHANGES.rst:163
+#: 36180e325ed54fc1bd9a4ee6359e333d
+msgid "Use shibuya as the documentation theme :pr:`168`"
+msgstr ""
+
+#: ../../CHANGES.rst:166
+#: bb7dd713ed9b4420a3897db6e75ff2ef
+msgid "[0.0.42] - 2023-12-29"
+msgstr ""
+
+#: ../../CHANGES.rst:171
+#: 868c4ec0eac4435f8102e36c9bba1dff
+msgid "Avoid to fail on imports if ``cryptography`` is missing."
+msgstr ""
+
+#: ../../CHANGES.rst:174
+#: f0a9863bc23b49a8ae7263f4c8a14477
+msgid "[0.0.41] - 2023-12-25"
+msgstr ""
+
+#: ../../CHANGES.rst:179
+#: a149ffc2dfad4ec6a64c2db96260cb07
+msgid "OIDC `prompt=create` support. :issue:`185` :pr:`164`"
+msgstr ""
+
+#: ../../CHANGES.rst:184
+#: c902e37b42074304933765961c68a3ae
+msgid "Correctly set up Client audience during OIDC dynamic registration."
+msgstr ""
+
+#: ../../CHANGES.rst:185
+#: 9cb9375cc36f4f4fae9476912d4800ac
+msgid "``post_logout_redirect_uris`` was ignored during OIDC dynamic registration."
+msgstr ""
+
+#: ../../CHANGES.rst:186
+#: 5405895c215848af91ce0dd48777c01a
+msgid "Group field error prevented the registration form validation."
+msgstr ""
+
+#: ../../CHANGES.rst:189
+#: ac33874c2c8d439f96aa2a7933ea085f
+msgid "[0.0.40] - 2023-12-22"
+msgstr ""
+
+#: ../../CHANGES.rst:194
+#: 05e47bb7a2534a24bf378f3d4f00a9e4
+msgid "``THEME`` can be a relative path"
+msgstr ""
+
+#: ../../CHANGES.rst:197
+#: d1d35df6b2694dee92f698ea559e44a2
+msgid "[0.0.39] - 2023-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:202
+#: f76dc01f7b534f9b89c98d6f7948d429
+msgid "Crash when no ACL were defined"
+msgstr ""
+
+#: ../../CHANGES.rst:203
+#: af96e8429cd0402cb5ef9fb5e5b8d064
+msgid "OIDC Userinfo endpoint is also available in POST"
+msgstr ""
+
+#: ../../CHANGES.rst:204
+#: 593f8977a7d24bbfad5e209eca80945f
+msgid "Fix redirection after password reset :issue:`159`"
+msgstr ""
+
+#: ../../CHANGES.rst:207
+#: c86917c9a8f94bab857d2c9b8bd929b8
+msgid "[0.0.38] - 2023-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:212
+#: 1d56690072294eee992bfbf2e50c9e68
+msgid "Convert all the png in webp. :pr:`162`"
+msgstr ""
+
+#: ../../CHANGES.rst:213
+#: 1e7c48fa76b64ed39e2eeccff373fb46
+msgid "Update to flask 3 :issue:`161` :pr:`163`"
+msgstr ""
+
+#: ../../CHANGES.rst:216
+#: b79e56a4475b48939678ff054e36847c
+msgid "[0.0.37] - 2023-12-01"
+msgstr ""
+
+#: ../../CHANGES.rst:221
+#: 6b1bfb29474c4e32b2b46544b456f58e
+msgid "Handle 4xx and 5xx error codes with htmx. :issue:`171` :pr:`161`"
+msgstr ""
+
+#: ../../CHANGES.rst:224
+#: 891096d144e149c38fbcdcb26e77c4df
+msgid "[0.0.36] - 2023-12-01"
+msgstr ""
+
+#: ../../CHANGES.rst:229
+#: 5ceae559b10143038f09be3106465b64
+msgid "Avoid crashing when LDAP groups references unexisting users."
+msgstr ""
+
+#: ../../CHANGES.rst:230
+#: 14db477de18e443fa3c50495b2b4184f
+msgid "Password reset and initialization mails were only sent to the preferred user email address."
+msgstr ""
+
+#: ../../CHANGES.rst:232
+#: 898acaa2046c4cb298078be47c6554ed
+msgid "Password reset and initialization mails were not sent at all the user addresses if one email address could not be reached."
+msgstr ""
+
+#: ../../CHANGES.rst:234
+#: bf40c98f87a04c9cbf91405c836bdfc2
+msgid "Password comparison was too permissive on login."
+msgstr ""
+
+#: ../../CHANGES.rst:235
+#: 9e6bf386e00b490990f961285fe9825f
+msgid "Encrypt passwords in the SQL backend."
+msgstr ""
+
+#: ../../CHANGES.rst:238
+#: 4dbc596e05b5419aa79409d14180980e
+msgid "[0.0.35] - 2023-11-25"
+msgstr ""
+
+#: ../../CHANGES.rst:243
+#: 6a0006d7840c4157928cd585c8afb4e5
+msgid "Refresh token grant supports other client authentication methods. :pr:`157`"
+msgstr ""
+
+#: ../../CHANGES.rst:244
+#: 831d61d9484149408de2434693bcb0b9
+msgid "Implement a SQLAlchemy backend. :issue:`30` :pr:`158`"
+msgstr ""
+
+#: ../../CHANGES.rst:249
+#: 2729a67bff05435d8c91a4a0abde4116
+msgid "Model attributes cardinality is closer to SCIM model. :pr:`155`"
+msgstr ""
+
+#: ../../CHANGES.rst:250
+#: 0d3123b92e3d47418e07a25a2a8216c7
+msgid "Bump to htmx 1.9.9 :pr:`159`"
+msgstr ""
+
+#: ../../CHANGES.rst:255
+#: dc8607bee43e45cbb573c9bd6341b848
+msgid "Disable HTMX boosting during the OIDC dance. :pr:`160`"
+msgstr ""
+
+#: ../../CHANGES.rst:258
+#: 5106051f0a564dda88568fd53eaf7f5b
+msgid "[0.0.34] - 2023-10-02"
+msgstr ""
+
+#: ../../CHANGES.rst:263
+#: b4728ea61f644f369848b72ad597e9d6
+msgid "Canaille installations without account lockabilty could not delete users. :pr:`153`"
+msgstr ""
+
+#: ../../CHANGES.rst:269
+#: 87f7e185f75549dcbe1080a5011e4aa5
+msgid "If users register or authenticate during a OAuth Authorization phase, they get redirected back to that page afterwards. :issue:`168` :pr:`151`"
+msgstr ""
+
+#: ../../CHANGES.rst:272
+#: 41a0ba3028784b3fbbce3ab146b9b3b9
+msgid "flask-babel and pytz are now part of the `front` extras"
+msgstr ""
+
+#: ../../CHANGES.rst:273
+#: 5664df37b34745abaa60e8e5d14bc363
+msgid "Bump to fomantic-ui 2.9.3 :pr:`152`"
+msgstr ""
+
+#: ../../CHANGES.rst:274
+#: 33ee4360641b45ee9c22d6fe1471a4f6
+msgid "Bump to htmx 1.9.6 :pr:`154`"
+msgstr ""
+
+#: ../../CHANGES.rst:275
+#: 90c5d5daa1084ea7a136b4dceb3e132d
+msgid "Add support for python 3.12 :pr:`155`"
+msgstr ""
+
+#: ../../CHANGES.rst:278
+#: 49553f6bf0f74896b15c3ccded528cfe
+msgid "[0.0.33] - 2023-08-26"
+msgstr ""
+
+#: ../../CHANGES.rst:283
+#: 4254d8c7fc00407baa12f44e43ff40f8
+msgid "OIDC jwks endpoint do not return empty kid claim"
+msgstr ""
+
+#: ../../CHANGES.rst:288
+#: d0309f2d1692411eaa9b7f7babd48d19
+msgid "Documentation details on the canaille models."
+msgstr ""
+
+#: ../../CHANGES.rst:291
+#: 690fcdab65944260afb6fcbe9e8a2544
+msgid "[0.0.32] - 2023-08-17"
+msgstr ""
+
+#: ../../CHANGES.rst:296
+#: ac9ff17b36854a04b0eff8fdd9f0b12d
+msgid "Additional inmemory backend :issue:`30` :pr:`149`"
+msgstr ""
+
+#: ../../CHANGES.rst:297
+#: 2c37b0e733db469d9579d223cd85aa8e
+msgid "Installation extras :issue:`167` :pr:`150`"
+msgstr ""
+
+#: ../../CHANGES.rst:300
+#: 01aa77d8df464a5e951020cd837b3255
+msgid "[0.0.31] - 2023-08-15"
+msgstr ""
+
+#: ../../CHANGES.rst:305
+#: cc2bfadcf8ff422d9873e6781c9ac353
+msgid "Configuration option to disable the forced usage of OIDC nonce :pr:`143`"
+msgstr ""
+
+#: ../../CHANGES.rst:306
+#: 6945dec9474d48ce88db6978c3d7a954
+msgid "Validate phone numbers with a regex :pr:`146`"
+msgstr ""
+
+#: ../../CHANGES.rst:307
+#: 10b93b8760444d6182f704d6b2c7c7ea
+msgid "Email verification :issue:`41` :pr:`147`"
+msgstr ""
+
+#: ../../CHANGES.rst:308
+#: 12d0980c01294ad4b095b756b991a2bc
+msgid "Account registration :issue:`55` :pr:`133` :pr:`148`"
+msgstr ""
+
+#: ../../CHANGES.rst:313
+#: 67036a27c2ff4cdcb905cb4c4e86ff55
+msgid "The `check` command uses the default configuration values."
+msgstr ""
+
+#: ../../CHANGES.rst:318
+#: 9d1aae00e2f14e7881f93f4282f9d4f8
+msgid "Modals do not need use javascript at the moment. :issue:`158` :pr:`144`"
+msgstr ""
+
+#: ../../CHANGES.rst:321
+#: 46bef1073cc249c4b5a60fc639445486
+msgid "[0.0.30] - 2023-07-06"
+msgstr ""
+
+#: ../../CHANGES.rst:323
+#: 961455ecf0a14c5491eb06390a1cb324
+msgid "🚨Configuration files must be updated.🚨 Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:329
+#: 0961a5675019487d86d12c28a8c03738
+msgid "Configuration option to disable javascript :pr:`141`"
+msgstr ""
+
+#: ../../CHANGES.rst:334
+#: 60c44ee6ebaa4458ac03cb4058a609ec
+msgid "Configuration ``USER_FILTER`` is parsed with jinja."
+msgstr ""
+
+#: ../../CHANGES.rst:335
+#: 46352c2c399c46a6898a9555e50adb95
+msgid "Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``"
+msgstr ""
+
+#: ../../CHANGES.rst:338
+#: 7e2e8f3a99214572a9d5a3bd76230e75
+msgid "[0.0.29] - 2023-06-30"
+msgstr ""
+
+#: ../../CHANGES.rst:343
+#: 89b4af9fda364e7d83bb6996c6e69bd2
+msgid "Disabled HTMX boosting on OIDC forms to avoid errors."
+msgstr ""
+
+#: ../../CHANGES.rst:346
+#: a7070ee845df4ff7bfe13b5d41244aa0
+msgid "[0.0.28] - 2023-06-30"
+msgstr ""
+
+#: ../../CHANGES.rst:351
+#: 4cd4e4868bfb41b78e8b644422f22145
+msgid "A template variable was misnamed."
+msgstr ""
+
+#: ../../CHANGES.rst:354
+#: 55a8faa31ce54cf88afc5a3c13cf4790
+msgid "[0.0.27] - 2023-06-29"
+msgstr ""
+
+#: ../../CHANGES.rst:356
+#: eb6b9fcd0119445b84b482b96ba17e59
+msgid "🚨Configuration files must be updated.🚨 Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:362
+#: 2be5c386632147ea9a72003d8fcbab12
+msgid "Configuration entries can be loaded from files if the entry key has a *_FILE* suffix and the entry value is the path to the file. :issue:`134` :pr:`134`"
+msgstr ""
+
+#: ../../CHANGES.rst:364
+#: eb633d6c5427443082671f0b402d0471
+msgid "Field list support. :issue:`115` :pr:`136`"
+msgstr ""
+
+#: ../../CHANGES.rst:365
+#: 2ca34588a2434f94bc28e2220b7128dd
+msgid "Pages are boosted with HTMX :issue:`144` :issue:`145` :pr:`137`"
+msgstr ""
+
+#: ../../CHANGES.rst:370
+#: 75e20a614ff2492180c27a84aac43cc5
+msgid "Bump to jquery 3.7.0 :pr:`138`"
+msgstr ""
+
+#: ../../CHANGES.rst:375
+#: e9b015b11a6848f48a31e925a25a685f
+msgid "Profile edition when the user RDN was not ``uid`` :issue:`148` :pr:`139`"
+msgstr ""
+
+#: ../../CHANGES.rst:380
+#: 37ff77d4af6c45b8ae036879097aae67
+msgid "Stop support for python 3.7 :pr:`131`"
+msgstr ""
+
+#: ../../CHANGES.rst:383
+#: b49886fdd9b54bd69c6f396dbcf33549
+msgid "[0.0.26] - 2023-06-03"
+msgstr ""
+
+#: ../../CHANGES.rst:388
+#: f34ff922c98e49479c9a6a95ff9d5e20
+msgid "Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+ :issue:`13` :pr:`118`"
+msgstr ""
+
+#: ../../CHANGES.rst:390
+#: 8955f6014e7840179fef39c2f7def856
+msgid "Timezone configuration entry. :issue:`137` :pr:`130`"
+msgstr ""
+
+#: ../../CHANGES.rst:395
+#: 7b4ac22c1e8a43faabff7b1cc379a486
+msgid "Avoid setting ``None`` in JWT claims when they have no value."
+msgstr ""
+
+#: ../../CHANGES.rst:396
+#: a5fa1b0aa295403481047ed68e5b5337
+msgid "Display password recovery button on OIDC login page. :pr:`129`"
+msgstr ""
+
+#: ../../CHANGES.rst:399
+#: da6a4bd82a8d449db7a184158fbcc848
+msgid "[0.0.25] - 2023-05-05"
+msgstr ""
+
+#: ../../CHANGES.rst:401
+#: 50fa73eb8ba946cb9a709170992e10a1
+msgid "🚨Configuration files must be updated.🚨 Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:407
+#: ee48d59dd2224b48b9cbc2bbbe3df593
+msgid "Renamed user model attributes to match SCIM naming convention. :pr:`123`"
+msgstr ""
+
+#: ../../CHANGES.rst:408
+#: 09bf43cbf3414274a32fd7b98e4b367d
+msgid "Moved OIDC related configuration entries in ``OIDC``"
+msgstr ""
+
+#: ../../CHANGES.rst:409
+#: 5a25176b68c44ae2ab4e8be3a9979c78
+msgid "Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``"
+msgstr ""
+
+#: ../../CHANGES.rst:410
+#: 85a5997b2d73484c8e0e277edb6c0728
+msgid "Bumped to htmx 1.9.0 :pr:`124`"
+msgstr ""
+
+#: ../../CHANGES.rst:411
+#: a1786f8a6218461698ebd65c64fc35d9
+msgid "ACL filters are no more LDAP filters but user attribute mappings. :pr:`125`"
+msgstr ""
+
+#: ../../CHANGES.rst:412
+#: 79d1bf32067e45a28160200f271a6e75
+msgid "Bumped to htmx 1.9.2 :pr:`127`"
+msgstr ""
+
+#: ../../CHANGES.rst:417
+#: 0fa79474d2e643008784ad7d0266cf0d
+msgid "``OIDC.JWT.MAPPING`` configuration entry is really optional now."
+msgstr ""
+
+#: ../../CHANGES.rst:418
+#: cc43ca5d7ab8431e9d44b944a52bad42
+msgid "Fixed empty model attributes registration :pr:`125`"
+msgstr ""
+
+#: ../../CHANGES.rst:419
+#: ccf443a48367489998b39bf74fd22650
+msgid "Password initialization mails were not correctly sent. :pr:`128`"
+msgstr ""
+
+#: ../../CHANGES.rst:422
+#: 68d7811967674328a93413a45283d055
+msgid "[0.0.24] - 2023-04-07"
+msgstr ""
+
+#: ../../CHANGES.rst:427
+#: e01036fb364e4be1b271e0d132376c7c
+msgid "Fixed avatar update. :pr:`122`"
+msgstr ""
+
+#: ../../CHANGES.rst:430
+#: 0b3c187070af4c7291e1345c15d5a3c2
+msgid "[0.0.23] - 2023-04-05"
+msgstr ""
+
+#: ../../CHANGES.rst:435
+#: 851f9b7d13cb4e449a918856666a9d6f
+msgid "Organization field. :pr:`116`"
+msgstr ""
+
+#: ../../CHANGES.rst:436
+#: 7d50bba48f3d49f597f42cf2fa97a2bf
+msgid "ETag and Last-Modified headers on user photos. :pr:`116`"
+msgstr ""
+
+#: ../../CHANGES.rst:437
+#: 949afdb847bb402c869ab86922204bfb
+msgid "Dynamic form validation :pr:`120`"
+msgstr ""
+
+#: ../../CHANGES.rst:442
+#: bcb30b1dd4ae498b92a0fa822f0820cc
+msgid "UX rework. Submenu addition. :pr:`114`"
+msgstr ""
+
+#: ../../CHANGES.rst:443
+#: caa28fb3cde441eb86816d9f27bc8575
+msgid "Properly handle LDAP date timezones. :pr:`117`"
+msgstr ""
+
+#: ../../CHANGES.rst:448
+#: 37bb10b5178b4aa6a5776539548a4d71
+msgid "CSRF protection on every forms. :pr:`119`"
+msgstr ""
+
+#: ../../CHANGES.rst:451
+#: fc35d806925f4b378563b9782da74e6e
+msgid "[0.0.22] - 2023-03-13"
+msgstr ""
+
+#: ../../CHANGES.rst:455
+#: 65f29c39842a4d83b60056094bd25e94
+msgid "faker is not imported anymore when the `clean` command is called."
+msgstr ""
+
+#: ../../CHANGES.rst:458
+#: 5c164b4bb5a846428e3cc04495d3c49f
+msgid "[0.0.21] - 2023-03-12"
+msgstr ""
+
+#: ../../CHANGES.rst:463
+#: b784646f61e04c208a30565dd7ce091f
+msgid "Display TOS and policy URI on the consent list page. :pr:`102`"
+msgstr ""
+
+#: ../../CHANGES.rst:464
+#: 7194eac1f0234642a0981995cfe5149e
+msgid "Admin token deletion :pr:`100` :pr:`101`"
+msgstr ""
+
+#: ../../CHANGES.rst:465
+#: a803710142024ea3a243712728118900
+msgid "Revoked consents can be restored. :pr:`103`"
+msgstr ""
+
+#: ../../CHANGES.rst:466
+#: e890de6af18b4a3d87095f7fdc65db9b
+msgid "Pre-consented clients are displayed in the user consent list, and their consents can be revoked. :issue:`69` :pr:`103`"
+msgstr ""
+
+#: ../../CHANGES.rst:468
+#: c44acead10bf4fd89a53552876455a25
+msgid "A ``populate`` command can be used to fill the database with random users generated with faker. :pr:`105`"
+msgstr ""
+
+#: ../../CHANGES.rst:470
+#: 6834451857514b189bf302d31c1f8493
+msgid "SMTP SSL support. :pr:`108`"
+msgstr ""
+
+#: ../../CHANGES.rst:471
+#: fee6c7c71ed04dfe953531a40acdf8ea
+msgid "Server side pagination. :issue:`114` :pr:`111`"
+msgstr ""
+
+#: ../../CHANGES.rst:472
+#: 21d0c593818c488db23694f3081f2ca2
+msgid "Department number support. :issue:`129`"
+msgstr ""
+
+#: ../../CHANGES.rst:473
+#: 371d75ed6f54488aaeddcc99fe6c4290
+msgid "Address edition support (but not in the OIDC claims yet) :pr:`112`"
+msgstr ""
+
+#: ../../CHANGES.rst:474
+#: 0771c1b7b7a84323b5d912b7f8647d41
+msgid "Title edition support :pr:`113`"
+msgstr ""
+
+#: ../../CHANGES.rst:479
+#: 57e0cd74e810435791d6a97214e12aed
+msgid "Client deletion also deletes related Consent, Token and AuthorizationCode objects. :issue:`126` :pr:`98`"
+msgstr ""
+
+#: ../../CHANGES.rst:485
+#: fb4c36e5440449b898999be40ae9e0c5
+msgid "Removed datatables."
+msgstr ""
+
+#: ../../CHANGES.rst:488
+#: 5a7c51ebbb11449b9892980d50bc2f3c
+msgid "[0.0.20] - 2023-01-28"
+msgstr ""
+
+#: ../../CHANGES.rst:493
+#: 194afc81a9784649b6961ba3d153d1df
+msgid "Spanish translation. :pr:`85` :pr:`88`"
+msgstr ""
+
+#: ../../CHANGES.rst:494
+#: f91f3536f72d4dfebe399707149009f7
+msgid "Dedicated connectivity test email :pr:`89`"
+msgstr ""
+
+#: ../../CHANGES.rst:495
+#: 1adab56d29b8477bae5e727054e73c9a
+msgid "Update to jquery 3.6.3 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:496
+#: ada246491b7442c3a0f1c586a3f8d013
+msgid "Update to fomantic-ui 2.9.1 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:497
+#: a4e66dd5e706464687d1715587f27fb3
+msgid "Update to datatables 1.13.1 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:502
+#: 626448d95038452d8eaaa7970defcc17
+msgid "Fix typos and grammar errors. :pr:`84`"
+msgstr ""
+
+#: ../../CHANGES.rst:503
+#: 507e0d82553143a0a60b5db8c8f78220
+msgid "Fix wording and punctuations. :pr:`86`"
+msgstr ""
+
+#: ../../CHANGES.rst:504
+#: cc22dca2873b4eb4b3acc767f3c15153
+msgid "Fix HTML lang tag :issue:`122` :pr:`87`"
+msgstr ""
+
+#: ../../CHANGES.rst:505
+#: 3fcbd3fe2225413da18d7da66cf518e3
+msgid "Automatically trims the HTML translated strings. :pr:`91`"
+msgstr ""
+
+#: ../../CHANGES.rst:506
+#: d768714fde834381a64da0f30d0156a8
+msgid "Fixed dynamic registration scope management. :issue:`123` :pr:`93`"
+msgstr ""
+
+#: ../../CHANGES.rst:509
+#: 081cf10919eb45e1a74ed6cb2b0b80d2
+msgid "[0.0.19] - 2023-01-14"
+msgstr ""
+
+#: ../../CHANGES.rst:514
+#: b15a19a914bf4f5b814516e4fa392ff5
+msgid "Ensures the token `expires_in` claim and the `access_token` `exp` claim have the same value. :pr:`83`"
+msgstr ""
+
+#: ../../CHANGES.rst:518
+#: 910abd66d7514fa2a52397691b581306
+msgid "[0.0.18] - 2022-12-28"
+msgstr ""
+
+#: ../../CHANGES.rst:523
+#: fb4e49552924463993ec42a37f29c9a0
+msgid "OIDC end_session was not returning the ``state`` parameter in the ``post_logout_redirect_uri`` :pr:`82`"
+msgstr ""
+
+#: ../../CHANGES.rst:527
+#: 3792b0bfa9a14b768282d0d35f894913
+msgid "[0.0.17] - 2022-12-26"
+msgstr ""
+
+#: ../../CHANGES.rst:532
+#: 723d56770f9c43d98620e5873a6ccb9c
+msgid "Fixed group deletion button. :pr:`80`"
+msgstr ""
+
+#: ../../CHANGES.rst:533
+#: e5697b7a57ae454ea52711580b8b7146
+msgid "Fixed post requests in oidc clients views. :pr:`81`"
+msgstr ""
+
+#: ../../CHANGES.rst:536
+#: ff6e164e9c7e43cf86e1fdceca7253bb
+msgid "[0.0.16] - 2022-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:541
+#: 32f25a8f77a04718a014459a4084d146
+msgid "Fixed LDAP operational attributes handling."
+msgstr ""
+
+#: ../../CHANGES.rst:544
+#: 8ed77f0ddc9349d49248f88230f091c6
+msgid "[0.0.15] - 2022-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:549
+#: 84305bbe71ad46e2ae714e806de6d5bf
+msgid "User can chose their favourite display name. :pr:`77`"
+msgstr ""
+
+#: ../../CHANGES.rst:550
+#: 6681b34a0be144cdbb21c8f66ddd92d3
+msgid "Bumped to authlib 1.2. :pr:`78`"
+msgstr ""
+
+#: ../../CHANGES.rst:551
+#: 3510559cfa1646e2929ce3b663cdb88a
+msgid "Implemented RFC7592 OAuth 2.0 Dynamic Client Registration Management Protocol :pr:`79`"
+msgstr ""
+
+#: ../../CHANGES.rst:553
+#: 5d02af72ff704b38bf8a3ad1a672edbc
+msgid "Added ``nonce`` to the ``claims_supported`` server metadata list."
+msgstr ""
+
+#: ../../CHANGES.rst:556
+#: c9e1519b4cfb4a39b7a1bbbae2b04210
+msgid "[0.0.14] - 2022-11-29"
+msgstr ""
+
+#: ../../CHANGES.rst:560
+#: f0a39e5073ec4c24aeea5a89ddbbaf5a
+msgid "Fixed translation mo files packaging."
+msgstr ""
+
+#: ../../CHANGES.rst:563
+#: d227a6e046ec4cdea9410d3e66618604
+msgid "[0.0.13] - 2022-11-21"
+msgstr ""
+
+#: ../../CHANGES.rst:568
+#: d7842fe9d753466797b38435da64ddac
+msgid "Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12"
+msgstr ""
+
+#: ../../CHANGES.rst:570
+#: 06b6d0eb8bba4bc190f42a86b15e92aa
+msgid "Fixed a bug happening during RP initiated logout on clients without `post_logout_redirect_uri` defined."
+msgstr ""
+
+#: ../../CHANGES.rst:572
+#: 4a0ff8ddda694f608e8e30f045f2e997
+msgid "Gitlab CI fix. :pr:`64`"
+msgstr ""
+
+#: ../../CHANGES.rst:573
+#: f7ab68d7857f4e5ca07d14fc3b955866
+msgid "Fixed `client_secret` display on the client administration page. :pr:`65`"
+msgstr ""
+
+#: ../../CHANGES.rst:574
+#: c2e57ecf35b24a169345d069aa03fa08
+msgid "Fixed non-square logo CSS. :pr:`67`"
+msgstr ""
+
+#: ../../CHANGES.rst:575
+#: 788674f9c70c4e0799bde8d5185255b8
+msgid "Fixed schema path on installation. :pr:`68`"
+msgstr ""
+
+#: ../../CHANGES.rst:576
+#: cf27bc6a7bf244bcbd8ecde012c0bdac
+msgid "Fixed RFC7591 ``software_statement`` claim support. :pr:`70`"
+msgstr ""
+
+#: ../../CHANGES.rst:577
+#: 5b4214de704a45afb69294ff6fa6765b
+msgid "Fixed client preconsent disabling. :pr:`72`"
+msgstr ""
+
+#: ../../CHANGES.rst:582
+#: 4797bbc283b14a6098b60c8eadb444c3
+msgid "Python 3.11 support. :pr:`61`"
+msgstr ""
+
+#: ../../CHANGES.rst:583
+#: cf4773b6f22e45ed871ab4b5fb69f6a2
+msgid "apparmor slapd configuration instructions in CONTRIBUTING.rst :pr:`66`"
+msgstr ""
+
+#: ../../CHANGES.rst:584
+#: fc0c9e3a757649cbbbd2d119fb403c2b
+msgid "``preferredLanguage`` attribute support. :pr:`75`"
+msgstr ""
+
+#: ../../CHANGES.rst:589
+#: 48b4ab627fcd4a4aae6ebde31b60e138
+msgid "Replaced the use of the deprecated `FLASK_ENV` environment variable by `FLASK_DEBUG`."
+msgstr ""
+
+#: ../../CHANGES.rst:591
+#: 41f360c270e94109ac7ff049f4c210f8
+msgid "Dynamically generate the server metadata. Users won't have to copy and manually edit ``oauth-authorizationserver.json`` and ``openid-configuration.json``. :pr:`71`"
+msgstr ""
+
+#: ../../CHANGES.rst:594
+#: 5265fe5bc7214a9dbc130de0a63835c9
+msgid "The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`"
+msgstr ""
+
+#: ../../CHANGES.rst:595
+#: e688f046fa5b44cbaef655e4bfa92d59
+msgid "The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`"
+msgstr ""
+
+#: ../../CHANGES.rst:598
+#: 3105e8936a2b4ae28b64c27edcf53cd8
+msgid "[0.0.12] - 2022-10-24"
+msgstr ""
+
+#: ../../CHANGES.rst:603
+#: 45609a4f9a2b4685931477795746c28f
+msgid "Basic WebFinger endpoint. :pr:`59`"
+msgstr ""
+
+#: ../../CHANGES.rst:604
+#: 99065af0fe7e46ee86cba8e1a071aa4f
+msgid "Bumped to FomanticUI 2.9.0 00ffffee"
+msgstr ""
+
+#: ../../CHANGES.rst:605
+#: 222619e4a78c4420849f3210e16f4439
+msgid "Implemented Dynamic Client Registration :pr:`60`"
+msgstr ""
+
+#: ../../CHANGES.rst:608
+#: e38006ffaa99459896eb21e4d2be3c87
+msgid "[0.0.11] - 2022-08-11"
+msgstr ""
+
+#: ../../CHANGES.rst:613
+#: 24dcf9e5b5fd4cc9a7bbc3946cdffba9
+msgid "Default theme has a dark variant. :pr:`57`"
+msgstr ""
+
+#: ../../CHANGES.rst:618
+#: 779421f30fbe49058b54aadf25f7dcae
+msgid "Fixed missing ``canaille`` binary. :pr:`58`"
+msgstr ""
+
+#: ../../CHANGES.rst:621
+#: 84432b1e63b0450f9f5db1558713dd16
+msgid "[0.0.10] - 2022-07-07"
+msgstr ""
+
+#: ../../CHANGES.rst:626
+#: 487099cc8b9140ae9688140be96d4dec
+msgid "Online demo. :pr:`55`"
+msgstr ""
+
+#: ../../CHANGES.rst:627
+#: 9bd981961fa74d909f5edba9b0783ffd
+msgid "The consent page was displaying scopes not supported by clients. :pr:`56`"
+msgstr ""
+
+#: ../../CHANGES.rst:628
+#: 8f54777acf6843738ecce5d485e7637b
+msgid "Fixed end session when user are already disconnected."
+msgstr ""
+
+#: ../../CHANGES.rst:631
+#: 64b24a6fcf804c83abea97fdc944a350
+msgid "[0.0.9] - 2022-06-05"
+msgstr ""
+
+#: ../../CHANGES.rst:636
+#: 7f06e3d2a8c147a4ae148ad7ae8effad
+msgid "``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`"
+msgstr ""
+
+#: ../../CHANGES.rst:637
+#: 61c9a5a6284a4bb8985ee75220d16003
+msgid "``edit_self`` ACL permission to control user self edition. :pr:`47`"
+msgstr ""
+
+#: ../../CHANGES.rst:638
+#: ebf2e18962984007b0d7f0d26ba50dad
+msgid "Implemented RP-initiated logout :pr:`54`"
+msgstr ""
+
+#: ../../CHANGES.rst:643
+#: e73c108089ab4333918f173e1197dab5
+msgid "Bumped to authlib 1 :pr:`48`"
+msgstr ""
+
+#: ../../CHANGES.rst:644
+#: cc1798e0e0244816bb97e3e1f5cdb332
+msgid "documentation improvements :pr:`50`"
+msgstr ""
+
+#: ../../CHANGES.rst:645
+#: 59e82c4121b44885b645bc920db2ebcd
+msgid "use poetry instead of setuptools :pr:`51`"
+msgstr ""
+
+#: ../../CHANGES.rst:646
+#: 382ba5ccee7d4f909cd6e2fa6c5ceb16
+msgid "additional nonce tests :pr:`52`"
+msgstr ""
+
+#: ../../CHANGES.rst:650
+#: 0f2f4e263be44b9db73bf88f97c1c07b
+msgid "``HIDE_INVALID_LOGIN`` behavior and default value."
+msgstr ""
+
+#: ../../CHANGES.rst:651
+#: 3c2c34f32ae143fda1a56259e979b6d1
+msgid "mo files are not versioned anymore :pr:`49` :pr:`53`"
+msgstr ""
+
+#: ../../CHANGES.rst:654
+#: 33489cb5ccfd400b9aeeb57e8ad39bc2
+msgid "[0.0.8] - 2022-03-15"
+msgstr ""
+
+#: ../../CHANGES.rst:659
+#: b574181e55454661adf4c9460413f7c3
+msgid "Fixed dependencies"
+msgstr ""
+
+#: ../../CHANGES.rst:662
+#: 6603f8d36b4c4b8699c5828e1f7524ae
+msgid "[0.0.7] - 2022-03-15"
+msgstr ""
+
+#: ../../CHANGES.rst:667
+#: eee009d2c8ce461c81c9f41d7d9d3184
+msgid "Fixed spaces and escaped special char in ldap cn/dn :pr:`43`"
+msgstr ""
+
+#: ../../CHANGES.rst:670
+#: 28b8544a1cc4490bbbc20b7e3b559ad9
+msgid "[0.0.6] - 2022-03-08"
+msgstr ""
+
+#: ../../CHANGES.rst:675
+#: c8eac8e7da0c4d7e982c70f2bab67f11
+msgid "Access token are JWT. :pr:`38`"
+msgstr ""
+
+#: ../../CHANGES.rst:680
+#: bdaa41ff05a44a8882b8f779649ee1ef
+msgid "Default groups on invitations :pr:`41`"
+msgstr ""
+
+#: ../../CHANGES.rst:681
+#: cc1d6c9dcd1c4acb85b2e3647164dfd5
+msgid "Schemas are shipped within the canaille package :pr:`42`"
+msgstr ""
+
+#: ../../CHANGES.rst:684
+#: 745b368228b740648ba0e391fc1441b7
+msgid "[0.0.5] - 2022-02-17"
+msgstr ""
+
+#: ../../CHANGES.rst:689
+#: 573f89edace24eb4a4b71421ec453147
+msgid "LDAP model objects have new identifiers :pr:`37`"
+msgstr ""
+
+#: ../../CHANGES.rst:694
+#: 92f35a2770954f8e8f038e9b40a13dc1
+msgid "Admin menu dropdown display :pr:`39`"
+msgstr ""
+
+#: ../../CHANGES.rst:695
+#: 49bf14ec0da344aeabe2c7335edc983f
+msgid "`GROUP_ID_ATTRIBUTE` configuration typo :pr:`40`"
+msgstr ""
+
+#: ../../CHANGES.rst:698
+#: f5f990fc3774435b9c06c60a46fedd33
+msgid "[0.0.4] - 2022-02-16"
+msgstr ""
+
+#: ../../CHANGES.rst:703
+#: efbf9f9cf24c4fdbb6afbf7d77da18eb
+msgid "Client preauthorization :pr:`11`"
+msgstr ""
+
+#: ../../CHANGES.rst:704
+#: 8477e87e07dd4aceaa9c66da2164df60
+msgid "LDAP permissions check with the check command :pr:`12`"
+msgstr ""
+
+#: ../../CHANGES.rst:705
+#: 2c06792b06d2478384bc158adad6da07
+msgid "Update consents when a scope required is larger than the scope of an already given consent :pr:`13`"
+msgstr ""
+
+#: ../../CHANGES.rst:707
+#: b44da1ce5cc84620a2b7b831eccc3aa4
+msgid "Theme customization :pr:`15`"
+msgstr ""
+
+#: ../../CHANGES.rst:708
+#: 533547bc10ff40eeada4fd5611bb9650
+msgid "Logging configuration :pr:`16`"
+msgstr ""
+
+#: ../../CHANGES.rst:709
+#: f592e20d3c5145d3b4a190b334e8846b
+msgid "Installation command :pr:`17`"
+msgstr ""
+
+#: ../../CHANGES.rst:710
+#: bb8ed1c9f9eb454b88937794a358c977
+msgid "Invitation links :pr:`18`"
+msgstr ""
+
+#: ../../CHANGES.rst:711
+#: 66c1305c81534b86abc646619437316b
+msgid "Advanced permissions :pr:`20`"
+msgstr ""
+
+#: ../../CHANGES.rst:712
+#: 2817bc7cf9c541caa5e8eb65c688b877
+msgid "An option to not use OIDC :pr:`23`"
+msgstr ""
+
+#: ../../CHANGES.rst:713
+#: f43abfe74a5149f2998a425f6647a7c8
+msgid "Disable some features when no SMTP server is configured :pr:`24`"
+msgstr ""
+
+#: ../../CHANGES.rst:714
+#: 08f9c5f4eef04268a1e6a21fdf385d08
+msgid "Login placeholder dynamically generated according to the configuration :pr:`25`"
+msgstr ""
+
+#: ../../CHANGES.rst:715
+#: 12ef2669180948fd830de832f9feda80
+msgid "Added an option to tune object IDs :pr:`26`"
+msgstr ""
+
+#: ../../CHANGES.rst:716
+#: 699fbda5c0794dcab9a1b3b4f1fde65d
+msgid "Avatar support :pr:`27`"
+msgstr ""
+
+#: ../../CHANGES.rst:717
+#: e444e0140588439bb6a806c8fce27d5c
+msgid "Dynamical and configurable JWT claims :pr:`28`"
+msgstr ""
+
+#: ../../CHANGES.rst:718
+#: d632e8693e4a4720b308f8ad0208f345
+msgid "UI improvements :pr:`29`"
+msgstr ""
+
+#: ../../CHANGES.rst:719
+#: 307da1f635884d7cb8d1dea337e2b3f6
+msgid "Invitation links expiration :pr:`30`"
+msgstr ""
+
+#: ../../CHANGES.rst:720
+#: 42079e74f80542f99830fef5b7fd5fe3
+msgid "Invitees can choose their IDs :pr:`31`"
+msgstr ""
+
+#: ../../CHANGES.rst:721
+#: 850c64f4681d4dbbae1dcacb72c410a3
+msgid "LDAP backend refactoring :pr:`35`"
+msgstr ""
+
+#: ../../CHANGES.rst:726
+#: 76b95256223a470ca90fc284fa46da42
+msgid "Fixed ghost members in a group :pr:`14`"
+msgstr ""
+
+#: ../../CHANGES.rst:727
+#: fa82e4620f004858aa77626aa4238a0d
+msgid "Fixed email sender names :pr:`19`"
+msgstr ""
+
+#: ../../CHANGES.rst:728
+#: c2b45cdee4f7492ca9f5121b0af5619f
+msgid "Fixed filter being not escaped :pr:`21`"
+msgstr ""
+
+#: ../../CHANGES.rst:729
+#: ed40598795c845c7b14be6811a96e89b
+msgid "Demo script good practices :pr:`32`"
+msgstr ""
+
+#: ../../CHANGES.rst:730
+#: c3228caa9f0548c7b4325b25114e9419
+msgid "Binary path for Debian :pr:`33`"
+msgstr ""
+
+#: ../../CHANGES.rst:731
+#: 89f68149d50141f5b622e2089e630f30
+msgid "Last name was not mandatory in the forms while this was mandatory in the LDAP server :pr:`34`"
+msgstr ""
+
+#: ../../CHANGES.rst:733
+#: 0b4cf695ca7b4c558eaab0829753a442
+msgid "Spelling typos :pr:`36`"
+msgstr ""
+
+#: ../../CHANGES.rst:736
+#: 01c32a472ee5423287d8f425a230caca
+msgid "[0.0.3] - 2021-10-13"
+msgstr ""
+
+#: ../../CHANGES.rst:741
+#: de308c6cd42342e097599d3a88a8788a
+msgid "Two-steps sign-in :issue:`49`"
+msgstr ""
+
+#: ../../CHANGES.rst:742
+#: 4fd5f3591aa94013895409024ae1513b
+msgid "Tokens can have several audiences. :issue:`62` :pr:`9`"
+msgstr ""
+
+#: ../../CHANGES.rst:743
+#: 6a6692094843450c95e0217da4dcb1f4
+msgid "Configuration check command. :issue:`66` :pr:`8`"
+msgstr ""
+
+#: ../../CHANGES.rst:744
+#: d89ebd0a6ac24ba694e1da7fde89b2c8
+msgid "Groups management. :issue:`12` :pr:`6`"
+msgstr ""
+
+#: ../../CHANGES.rst:749
+#: e5811ab616314ba980c96625a0d8e3de
+msgid "Introspection access bugfix. :issue:`63` :pr:`10`"
+msgstr ""
+
+#: ../../CHANGES.rst:750
+#: 72d2513a4bde4c8f8e2cc090ee858361
+msgid "Introspection sub claim. :issue:`64` :pr:`7`"
+msgstr ""
+
+#: ../../CHANGES.rst:753
+#: 9943793b44ad4af68d26aa84db0e677e
+msgid "[0.0.2] - 2021-01-06"
+msgstr ""
+
+#: ../../CHANGES.rst:758
+#: 6e5030c6abe3490195e46a3efdd039a5
+msgid "Login page is responsive. :issue:`1`"
+msgstr ""
+
+#: ../../CHANGES.rst:759
+#: 54d90a7b7e6945ee83d9a14e22106a79
+msgid "Adapt mobile keyboards to login page fields. :issue:`2`"
+msgstr ""
+
+#: ../../CHANGES.rst:760
+#: 3b2f0e0278154f22912d155b915a7b1c
+msgid "Password recovery interface. :issue:`3`"
+msgstr ""
+
+#: ../../CHANGES.rst:761
+#: cf77b7a0a5da48479129f41af2a2ddc9
+msgid "User profile interface. :issue:`4`"
+msgstr ""
+
+#: ../../CHANGES.rst:762
+#: 88038f23c054446586a62c891a6f7276
+msgid "Renamed the project *canaille*. :issue:`5`"
+msgstr ""
+
+#: ../../CHANGES.rst:763
+#: 1f7eff73094e43c6bc4a0bb47b45127a
+msgid "Command to remove old tokens. :issue:`17`"
+msgstr ""
+
+#: ../../CHANGES.rst:764
+#: 2ea5867f8a1144ccaec5eac99cef7c52
+msgid "Improved password recovery email. :issue:`14` :issue:`26`"
+msgstr ""
+
+#: ../../CHANGES.rst:765
+#: 25bb44affbd54997ae01bd4388921a7c
+msgid "Use flask `SERVER_NAME` configuration variable instead of `URL`. :issue:`24`"
+msgstr ""
+
+#: ../../CHANGES.rst:766
+#: 54313fc70dce4fca83afd0c5dfaddc9d
+msgid "Improved consents page. :issue:`27`"
+msgstr ""
+
+#: ../../CHANGES.rst:767
+#: 689505ac996b48afb47ed5ddaef9d47f
+msgid "Admin user page. :issue:`8`"
+msgstr ""
+
+#: ../../CHANGES.rst:768
+#: a9e2d29c36914ca19e15d6ad861176e9
+msgid "Project logo. :pr:`29`"
+msgstr ""
+
+#: ../../CHANGES.rst:769
+#: f3b5202b2b7740568531fe3906855f03
+msgid "User account self-deletion can be enabled in the configuration with `SELF_DELETION`. :issue:`35`"
+msgstr ""
+
+#: ../../CHANGES.rst:770
+#: 80701ace447a43f284734c67a9b1ca2d
+msgid "Admins can impersonate users. :issue:`39`"
+msgstr ""
+
+#: ../../CHANGES.rst:771
+#: 7796de620b5a4ccdb23ce384341e1758
+msgid "Forgotten page UX improvement. :pr:`43`"
+msgstr ""
+
+#: ../../CHANGES.rst:772
+#: 56800b25a229466399dcbe3a3528ab60
+msgid "Admins can remove clients. :pr:`45`"
+msgstr ""
+
+#: ../../CHANGES.rst:773
+#: 0076a0c3a47b436b9e2fb6963a729ee1
+msgid "Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know if the login he attempt to sign in with exists or not. :pr:`48`"
+msgstr ""
+
+#: ../../CHANGES.rst:775
+#: 7a7d9b00fb734cf4ba9c543bba0b3091
+msgid "Password initialization mail. :pr:`51`"
+msgstr ""
+
+#: ../../CHANGES.rst:780
+#: f4fb3818258f4780a29a24659210cdfb
+msgid "Form translations. :issue:`19` :issue:`23`"
+msgstr ""
+
+#: ../../CHANGES.rst:781
+#: dbcc4f751dea41c681efc2ee75ff82e0
+msgid "Avoid to use Google Fonts. :issue:`21`"
+msgstr ""
+
+#: ../../CHANGES.rst:786
+#: 739c22fd4b9f4b6bbec8c2978f861dfb
+msgid "'My tokens' page. :issue:`22`"
+msgstr ""
+
+#: ../../CHANGES.rst:789
+#: e97780e06f514cecb78f5fe71cc24468
+msgid "[0.0.1] - 2020-10-21"
+msgstr ""
+
+#: ../../CHANGES.rst:794
+#: e92a4a0a93924e5db178e1add9a98a07
+msgid "Initial release."
+msgstr ""
diff --git a/doc/gettext/development/contributing.pot b/doc/gettext/development/contributing.pot
new file mode 100644
index 00000000..3d43b791
--- /dev/null
+++ b/doc/gettext/development/contributing.pot
@@ -0,0 +1,400 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../../CONTRIBUTING.rst:2
+#: 002b7b86e67341a3abe1dc69ec1e6a70
+msgid "Contributions"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:4
+#: dd19b789311b44ddbfebef856907661f
+msgid "Contributions are welcome!"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:6
+#: 5a0c060f5510420485f21f180a8d16c8
+msgid "The repository is hosted at `gitlab.com/yaal/canaille <https://gitlab.com/yaal/canaille>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:9
+#: ba0d490fa2454469b836749c6f260ba3
+msgid "Discuss"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:11
+#: 5e6f9e2ce04d441c834bd51320b99525
+msgid "If you want to implement a feature or a bugfix, please start by discussing it with us on the `bugtracker <https://gitlab.com/yaal/canaille/-/issues>`_ or the `matrix room <https://matrix.to/#/#canaille-discuss:yaal.coop>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:16
+#: 0140e772bf834f889e84ec0e993fdb45
+msgid "Development environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:18
+#: fa5a69a308724bcf98d79d3d2e3f28f2
+msgid "You can either run the demo locally or with Docker."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:20
+#: 0a41b0d076254191ad0614c09d718c96
+msgid "The only tool required for local development is `uv`. Make sure to have uv `installed on your computer <https://docs.astral.sh/uv/getting-started/installation/>`_ to be able to hack Canaille."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:24
+#: b0c122affe964f63a9d237b87ae8043f
+msgid "Initialize your development environment with: - ``uv sync --extra front --extra oidc`` to have a minimal working development environment. This will allow you to run the tests with ``uv pytest --backend memory``. - ``uv sync --extra front --extra oidc --extra sqlite`` to have a minimal working development environment with SQLite backend support. This will allow you to run the tests with ``uv pytest --backend sql``. - ``uv sync --extra front --extra oidc --extra ldap`` to have a minimal working development environment with LDAP backend support. This will allow you to run the tests with ``uv pytest --backend ldap``. - ``uv sync --all-extras`` if you want to have everything at your fingertips. Note that it may compile some Python dependencies that would expect things to be installed on your system; Some dependencies of Canaille might need to be compiled, so you probably want to check that `GCC` and `cargo` are available on your computer."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:31
+#: 06d722cef5bf4514bbb820a4d1e43cf3
+msgid "After having launched the demo you have access to several services:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:33
+#: ea39f2cd97274d7eb688562b3b05444c
+msgid "A canaille server at `localhost:5000 <http://localhost:5000>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:34
+#: 880dcaf1bf8e4753bead6e6f5051c8bb
+msgid "A dummy client at `localhost:5001 <http://localhost:5001>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:35
+#: f0ab0940d9b04b9f91cbb3dcf7953e56
+msgid "Another dummy client at `localhost:5002 <http://localhost:5002>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:37
+#: 347d5b12d2054eed8ede671233b3ce85
+msgid "The canaille server has some default users:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:39
+#: 6323897e96df481db1bdd48ec861915e
+msgid "A regular user which login and password are **user**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:40
+#: b10c66fe4dae4efca925aebcc307439a
+msgid "A moderator user which login and password are **moderator**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:41
+#: 379aa4fc7d7a427ead3a6802bd843c79
+msgid "An admin user which admin and password are **admin**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:42
+#: 17002848baf846bead5f780f81d8f555
+msgid "A new user which login is **james**. This user has no password yet, and his first attempt to log-in would result in sending a password initialization email (if a smtp server is configured)."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:47
+#: 0fb9b013289d432280da24a3c0b3bd7f
+msgid "Backends"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:49
+#: 958b994659a74b6d92def6f9eded872f
+msgid "Canaille comes with several backends:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:51
+#: 1f1357d0032747dab9f508a4e0a42b8c
+msgid "a lightweight test purpose `memory` backend"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:52
+#: 1891b9a2fc514712b4adbf69c3ce1c65
+msgid "a `sql` backend, based on sqlalchemy"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:53
+#: dfe5ba8564c34dd5a5059defdbd7265d
+msgid "a production-ready `LDAP` backend"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:56
+#: e61ba8769c274e26b93a9379b2318c66
+msgid "Docker environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:58
+#: 789cfcce161041aab0a9ec38e60d1ce3
+msgid "If you want to develop with docker, your browser needs to be able to reach the `canaille` container. The docker-compose file exposes the right ports, but front requests are from outside the docker network: the `canaille` url that makes sense for docker, points nowhere from your browser. As exposed ports are on `localhost`, you need to tell your computer that `canaille` url means `localhost`."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:63
+#: 243bc254bb984976a9b7a1ebdfb164e9
+msgid "To do that, you can add the following line to your `/etc/hosts`:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:69
+#: 4c97cc128cde4bde9a615540fac34a37
+msgid "To launch containers, use:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:84
+#: 37903a2ee9264932bfda81ccfc8c2f23
+msgid "Local environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:98
+#: 9fd679598df14c87983d9a3db07c1b14
+msgid "If you want to run the demo locally with the LDAP backend, you need to have `OpenLDAP <https://www.openldap.org/>`_ installed on your system. It is generally shipped under the ``slapd`` or ``openldap`` package name."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:103
+#: cabb1f62e5ab4f649333fb4bdea44bb7
+msgid "On Debian or Ubuntu systems, the OpenLDAP `slapd` binary usage might be restricted by apparmor, and thus makes the tests and the demo fail. This can be mitigated by removing apparmor restrictions on `slapd`."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:113
+#: a968344527c248d28ee118a01deac886
+msgid "Populate the database"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:115
+#: f86dab9375c843329fda042e45a18fad
+msgid "The demo database comes populated with some random users and groups. If you need more, you can generate users and groups with the ``populate`` command:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:126
+#: e1c8a2e4f1154d4da564a52eed57bf70
+msgid "Adapt to use either the `ldap` or the `sql` configuration file. Note that this will not work with the memory backend."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:129
+#: 3f7cb689b8c04892bacc9a1e69369f5a
+msgid "Unit tests"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:131
+#: 5a55d7ab327844ecb7e5cdfba5692648
+msgid "To run the tests, you just can run `uv run pytest` and/or `uv run tox` to test all the supported python environments. Everything must be green before patches get merged."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:134
+#: b59e6cc3d02e43cb809a4e917bdc9c9b
+msgid "To test a specific backend you can pass ``--backend memory``, ``--backend sql`` or ``--backend ldap`` to pytest and tox."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:136
+#: 31a0a090499441cab7c275bced31a11e
+msgid "The test coverage is 100%, patches won't be accepted if not entirely covered. You can check the test coverage with ``uv run pytest --cov --cov-report=html`` or ``uv run tox -e coverage -- --cov-report=html``. You can check the HTML coverage report in the newly created `htmlcov` directory."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:141
+#: 4cd3c9737c4244de8817eb59ca927124
+msgid "Code style"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:143
+#: 0f2b878130954759a11524c208e26a5d
+msgid "We use `ruff <https://docs.astral.sh/ruff/>`_ along with other tools to format our code. Please run ``uv run tox -e style`` on your patches before submitting them. In order to perform a style check and correction at each commit you can use our `pre-commit <https://pre-commit.com/>`_ configuration with ``uv run pre-commit install``."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:149
+#: cba1248331964d159b2b1253ae50634d
+msgid "Front"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:151
+#: 1bc0bb39fb2b47c2aac56db867fa0d93
+msgid "The interface is built upon the `Fomantic UI <https://fomantic-ui.com/>`_ CSS framework. The dynamical parts of the interface use `htmx <https://htmx.org/>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:154
+#: b4a85f39680449cf9f911d541d794c6d
+msgid "Using Javascript in the interface is tolerated, but the whole website MUST be accessible for browsers without Javascript support, and without any feature loss."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:156
+#: cb749cb0196846578e5e04df1df97062
+msgid "Because of Fomantic UI we have a dependency to jQuery, however new contributions should not depend on jQuery at all. See the `related issue <https://gitlab.com/yaal/canaille/-/issues/130>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:161
+#: deea2dbf6acb42e99b95f661d4a540a5
+msgid "Documentation"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:163
+#: bde97657892b41d3a44e9c29919882a8
+msgid "The documentation is generated when the tests run:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:169
+#: 91d5753457ef4fe08d82c1c03c30a4c6
+msgid "You can also run sphinx by hand, that should be faster since it avoids the tox environment initialization:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:175
+#: 84a7965f74c342f4a767d918ec7e7fc8
+msgid "The generated documentation is located at ``build/sphinx/html``."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:178
+#: 3523b0c7c50544a7ae680fd16c821a28
+msgid "Code translation"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:1
+#: a8f1fb9815754963a29bcfa65855ef88
+msgid "Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/canaille>`_."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:3
+#: 3d5f471d16f5427dbad3a203cdd90503
+msgid "The following commands are there as documentation, only the message extraction is needed for contributors. All the other steps are automatically done with Weblate."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:8
+#: ../locales/readme.rst:7
+#: f11c4c84df6d443190d1b60d4f858fce
+#: 7a6d3aff28fe4cf7a4e975ff7935d31e
+msgid "Message extraction"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:10
+#: ../locales/readme.rst:9
+#: c7318169ac354feeae24e67436dd1c6b
+#: 5830609426e04e7ba3aeea18c413ee2e
+msgid "After you have edited translatable strings, you should extract the messages with:"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:17
+#: ../locales/readme.rst:16
+#: 764623358ada4e1684d1b572d61b712e
+#: e3af01ce677943feaa7ade5343c8e90a
+msgid "Language addition"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:19
+#: ../locales/readme.rst:18
+#: a2b5aff4084044d78c59e0fabc992490
+#: 546fd984ffa64b31972b1670b09ca6b3
+msgid "You can add a new language manually with the following command, however this should not be needed as Weblate takes car of this:"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:26
+#: a61a44e0a1914d6c95e4ce4a2fb7ca42
+msgid "Catalog update"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:28
+#: 1c475d88301b4d3aa56d82f20a24cc27
+msgid "You can update the catalogs with the following command, however this should not be needed as Weblate automatically update language catalogs when it detects new strings or when someone translate some existing strings. Weblate pushes happen every 24h."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:36
+#: 4200924e358f45499f460769cc67c6a9
+msgid "Catalog compilation"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:38
+#: 40de58e8a420485eb689e4abb8a4fa5e
+msgid "You can compile the catalogs with the following command, however this should not be needed as catalogs are automatically compiled before running the unit tests, before launching the demo and before compiling the Canaille python package:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:184
+#: a168ea61caf74157be0b82d1d9952af6
+msgid "Documentation translation"
+msgstr ""
+
+#: ../locales/readme.rst:1
+#: b466e2381f024d40a12476d4846059f6
+msgid "Documentation translation Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/canaille>`_."
+msgstr ""
+
+#: ../locales/readme.rst:4
+#: 1294588ccb444efda7d1edc0ac45c573
+msgid "The following commands are there as documentation, only the message extraction and the language addition is needed for contributors."
+msgstr ""
+
+#: ../locales/readme.rst:25
+#: 5574bcc510534444bf74cc4471725689
+msgid "Build the documentation in another language"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:189
+#: 6215d4058c6b45c9ab9c57244986b560
+msgid "Publish a new release"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:191
+#: 5c63146cdc484f34a4ac23b3b60f7364
+msgid "Check that dependencies are up to date with ``uv sync --all-extras --upgrade`` and update dependencies accordingly in separated commits;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:192
+#: 4d516e6db43048a99f1112b743916559
+msgid "Check that tests are still green for every supported python version, and that coverage is still at 100%, by running ``uv run tox``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:193
+#: 785c12428a4943288820c40c5d0ac261
+msgid "Check that the demo environments are still working, both the local and the Docker one;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:194
+#: 0700ba761ff7459b8a1aa7e48afb8da8
+msgid "Check that the :ref:`development/changelog:Release notes` section is correctly filled up;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:195
+#: 19f01831d3c04d36b74e4355021cf704
+msgid "Increase the version number in ``pyproject.toml``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:196
+#: 3cc39e4b68bf400292e544a33e9dcda3
+msgid "Commit with ``git commit``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:197
+#: b2f863f911f24805a109793d6806f83d
+msgid "Build with ``uv build``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:198
+#: fc01b4e40b58444391e922a6e8ea9e95
+msgid "Publish on test PyPI with ``uv publish --publish-url https://test.pypi.org/legacy/``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:199
+#: 0c7fbbb63e1e49ea871ca01165cb3b8a
+msgid "Install the test package somewhere with ``pip install --extra-index-url https://test.pypi.org/simple --upgrade canaille``. Check that everything looks fine;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:200
+#: e1a8cc289c9040c198eb0f8f8ba502d8
+msgid "Publish on production PyPI ``uv publish``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:201
+#: 572996fb9dae4a3cad4a53104b812f70
+msgid "Tag the commit with ``git tag XX.YY.ZZ``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:202
+#: 91cf66e174e845fbad4201c90209fdad
+msgid "Push the release commit and the new tag on the repository with ``git push --tags``."
+msgstr ""
diff --git a/doc/gettext/development/index.pot b/doc/gettext/development/index.pot
new file mode 100644
index 00000000..57db7c7c
--- /dev/null
+++ b/doc/gettext/development/index.pot
@@ -0,0 +1,22 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../development/index.rst:2
+#: f8ef9113aa3f42238460597ae3d0bc4d
+msgid "Development"
+msgstr ""
diff --git a/doc/gettext/development/specifications.pot b/doc/gettext/development/specifications.pot
new file mode 100644
index 00000000..8fcdc5a1
--- /dev/null
+++ b/doc/gettext/development/specifications.pot
@@ -0,0 +1,542 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../development/specifications.rst:2
+#: a97a6bb1c237424994246e8e65391683
+msgid "Specifications"
+msgstr ""
+
+#: ../development/specifications.rst:4
+#: 75d7d4c9e1d943c0917c652bdaee5b8e
+msgid "This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers."
+msgstr ""
+
+#: ../development/specifications.rst:7
+#: 11062c45350643188f89a05c46b15be6
+msgid "State of the specs in Canaille"
+msgstr ""
+
+#: ../development/specifications.rst:10
+#: 339273b06e0b4c60ad30a7dedec78d6f
+msgid "OAuth2"
+msgstr ""
+
+#: ../development/specifications.rst:12
+#: f19a30db556b4c489e1cfd34a22d714a
+msgid "✅ `RFC6749: OAuth 2.0 Framework <https://tools.ietf.org/html/rfc6749>`_"
+msgstr ""
+
+#: ../development/specifications.rst:13
+#: 5214108a1c8f4e47ad186ff7715bd304
+msgid "✅ `RFC6750: OAuth 2.0 Bearer Tokens <https://tools.ietf.org/html/rfc6750>`_"
+msgstr ""
+
+#: ../development/specifications.rst:14
+#: 8296b65720114476bd1db0807519889c
+msgid "✅ `RFC7009: OAuth 2.0 Token Revocation <https://tools.ietf.org/html/rfc7009>`_"
+msgstr ""
+
+#: ../development/specifications.rst:15
+#: a7af32f3d44d44af8a37aa6f68b415c4
+msgid "❌ `RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants <https://tools.ietf.org/html/rfc7523>`_"
+msgstr ""
+
+#: ../development/specifications.rst:16
+#: e5f4e81f5a7b4ddb873655612903f3ec
+msgid "✅ `RFC7591: OAuth 2.0 Dynamic Client Registration Protocol <https://tools.ietf.org/html/rfc7591>`_"
+msgstr ""
+
+#: ../development/specifications.rst:17
+#: ea20c5a67bbe4de2a5fd5127e41b0283
+msgid "✅ `RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol <https://tools.ietf.org/html/rfc7592>`_"
+msgstr ""
+
+#: ../development/specifications.rst:18
+#: 14f2599367a94c59abae6c6b67c5fadc
+msgid "✅ `RFC7636: Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_"
+msgstr ""
+
+#: ../development/specifications.rst:19
+#: 1121950e20e04c90be2dccaacdd2ecee
+msgid "✅ `RFC7662: OAuth 2.0 Token Introspection <https://tools.ietf.org/html/rfc7662>`_"
+msgstr ""
+
+#: ../development/specifications.rst:20
+#: 0ea4a16217344ff7b5ee6c06927e6556
+msgid "✅ `RFC8414: OAuth 2.0 Authorization Server Metadata <https://tools.ietf.org/html/rfc8414>`_"
+msgstr ""
+
+#: ../development/specifications.rst:21
+#: 949318440bb345acbe0654a797bd07f2
+msgid "❌ `RFC8428: OAuth 2.0 Device Authorization Grant <https://tools.ietf.org/html/rfc8428>`_"
+msgstr ""
+
+#: ../development/specifications.rst:22
+#: ca5d9effb5f04710823144e6425d650b
+msgid "❌ `RFC8693: OAuth 2.0 Token Exchange <https://tools.ietf.org/html/rfc8693>`_"
+msgstr ""
+
+#: ../development/specifications.rst:23
+#: 253eda4c940a4e89a03d4ffd68e9da44
+msgid "❌ `RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens <https://tools.ietf.org/html/rfc8705>`_"
+msgstr ""
+
+#: ../development/specifications.rst:24
+#: 09b81d39ca2f410abf48cb370ecce899
+msgid "❌ `RFC8707: Resource Indicators for OAuth 2.0 <https://tools.ietf.org/html/rfc8707>`_"
+msgstr ""
+
+#: ../development/specifications.rst:25
+#: 9bd8b400a3b14a83915295f5a66cbcbd
+msgid "❌ `RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens <https://tools.ietf.org/html/rfc9068>`_"
+msgstr ""
+
+#: ../development/specifications.rst:26
+#: 46421682784443ea9da95d898c6c3b19
+msgid "❌ `RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) <https://tools.ietf.org/html/rfc9101>`_"
+msgstr ""
+
+#: ../development/specifications.rst:27
+#: 9794b722db5940ec96442e71c3f736ec
+msgid "❌ `RFC9126: OAuth 2.0 Pushed Authorization Requests <https://tools.ietf.org/html/rfc9126>`_"
+msgstr ""
+
+#: ../development/specifications.rst:28
+#: 35e4b73e84dd46ff9748778d150977ef
+msgid "❌ `RFC9207: OAuth 2.0 Authorization Server Issuer Identification <https://tools.ietf.org/html/rfc9207>`_"
+msgstr ""
+
+#: ../development/specifications.rst:29
+#: 390c1264e09543b999c7c6c526ef9506
+msgid "❌ `RFC9394: OAuth 2.0 Rich Authorization Requests <https://www.rfc-editor.org/rfc/rfc9396.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:30
+#: 9d394579d199448d92824fc5b1615ddb
+msgid "❌ `OAuth2 Multiple Response Types <https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:31
+#: ec3047a0028240a9a426ed49cd9fbd72
+msgid "❌ `OAuth2 Form Post Response Mode <https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:34
+#: ef134aa15cc04f8aa1f66d29af6444db
+msgid "OpenID Connect"
+msgstr ""
+
+#: ../development/specifications.rst:36
+#: 1a4fed4ff22743ac8a6994bb06b64d07
+msgid "✅ `OpenID Connect Core <https://openid.net/specs/openid-connect-core-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:37
+#: d61d7bd64b024945817c8fb8ff146aa7
+msgid "✅ `OpenID Connect Discovery <https://openid.net/specs/openid-connect-discovery-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:38
+#: 390181b65f6247988cd1492e1c556053
+msgid "✅ `OpenID Connect Dynamic Client Registration <https://openid.net/specs/openid-connect-registration-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:39
+#: 714ed86b678e42e9808ef358702430f1
+msgid "✅ `OpenID Connect RP Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:40
+#: c2152b277d7144bd94ae19ad511f544c
+msgid "❌ `OpenID Connect Session Management <https://openid.net/specs/openid-connect-session-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:41
+#: 013f8fdab4cd4c8fa7327f9b2a57c1ea
+msgid "❌ `OpenID Connect Front Channel Logout <https://openid.net/specs/openid-connect-frontchannel-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:42
+#: 6e40e88f49d44d56804247f11335b56a
+msgid "❌ `OpenID Connect Back Channel Logout <https://openid.net/specs/openid-connect-backchannel-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:43
+#: 3d9b66f66adc4db2bc322fbd831dc655
+msgid "❌ `OpenID Connect Back Channel Authentication Flow <https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:44
+#: edf569cf85144687ab8b11d290278122
+msgid "❌ `OpenID Connect Core Error Code unmet_authentication_requirements <https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:45
+#: 5eed00445d4b41adaeddd84a90e3125b
+msgid "✅ `Initiating User Registration via OpenID Connect 1.0 <https://openid.net/specs/openid-connect-prompt-create-1_0.html>`_"
+msgstr ""
+
+#: ../development/specifications.rst:48
+#: ../development/specifications.rst:64
+#: 8366892620b9425b9681dee3d90902f6
+#: 534b14ea707f47d883031ce0c2ad422d
+msgid "SCIM"
+msgstr ""
+
+#: ../development/specifications.rst:50
+#: 7874e3563b874bdea0eddbfd185ebc6e
+msgid "❌ `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements <https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../development/specifications.rst:51
+#: dc1d0faa287b404e8a9a77b40b8a0217
+msgid "❌ `RFC7643: System for Cross-domain Identity Management: Core Schema <https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../development/specifications.rst:52
+#: 1f08e6eea6024ea0b5c58667c7dbf48a
+msgid "❌ `RFC7644: System for Cross-domain Identity Management: Protocol <https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../development/specifications.rst:55
+#: b0d76f694f054508b87fc7daba711f30
+msgid "Comparison with other providers"
+msgstr ""
+
+#: ../development/specifications.rst:57
+#: 5b284471edaf4fb0a91ee8b75d265d74
+msgid "Here is a feature comparison with other OpenID Connect server software."
+msgstr ""
+
+#: ../development/specifications.rst:59
+#: 1e727634ba574bef9fab355484f4994b
+msgid "Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple."
+msgstr ""
+
+#: ../development/specifications.rst:62
+#: 9c600e2a483240c8a166d2465e746dc4
+msgid "Software"
+msgstr ""
+
+#: ../development/specifications.rst:62
+#: 8cdd9df00b754a7ab51faa08ce09b8e2
+msgid "Project"
+msgstr ""
+
+#: ../development/specifications.rst:62
+#: 8d2892100b0f42549279e64ff7a69c13
+msgid "Protocols implementations"
+msgstr ""
+
+#: ../development/specifications.rst:62
+#: 96807e04038b49a2b211721a1e8c1d0d
+msgid "Backends"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: 7e230f36d1d44b3dbfc66acfea5625ef
+msgid "FLOSS"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: 0efe70a1d9354b1e96b2679d712419a3
+msgid "Language"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: f792dfb7f933494088f88be1703218c1
+msgid "LOC"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: 0abe79cb5e464cb7b8b7bcea5271fed5
+msgid "OIDC"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: 983adf22c3654f21895cc7ff72d92dc5
+msgid "SAML"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: 6985f4286f8f4fb7b843ee73e03e8731
+msgid "CAS"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: fa51f3013aa54f16a2ca358197c08479
+msgid "LDAP"
+msgstr ""
+
+#: ../development/specifications.rst:64
+#: c339c0f461194b9e940042576fda7446
+msgid "SQL"
+msgstr ""
+
+#: ../development/specifications.rst:66
+#: e1646674415744f88024dcbf7cf671ef
+msgid "Canaille"
+msgstr ""
+
+#: ../development/specifications.rst:66
+#: ../development/specifications.rst:68
+#: ../development/specifications.rst:70
+#: ../development/specifications.rst:72
+#: ../development/specifications.rst:74
+#: ../development/specifications.rst:76
+#: ../development/specifications.rst:78
+#: ../development/specifications.rst:80
+#: ../development/specifications.rst:82
+#: ../development/specifications.rst:84
+#: ../development/specifications.rst:86
+#: ../development/specifications.rst:88
+#: 61fd556cb20d492eb3d00a3f25119922
+#: 21b316fd400144b1baf2a84b43b1e91b
+#: 081fa6b4e8bc4a2a84c5065be6fc86b2
+#: 39da93a684b84957a285d01ff9fc429d
+#: 738e75094fd047d8a4c3ededeffd82a5
+#: 75f85206ad4a4cf1a2be4eb97392b7f1
+#: b4b7dbbf0d18428cab9909f751156c3e
+#: e8601f2f08e8478b8e806af474867681
+#: 625c279a263645edbd90483e39906b61
+#: 3a71fe452de5468e84d63e5e5863df5d
+#: 22d33a862ab2488cbd51962fd7f76efb
+#: c202d381f1854b949df07f8a6c53fc51
+#: 3c29fd50290242c39afabcd83b39be14
+#: 8f029b73bc134579ba7aef85b2258bb1
+#: 18970336aa81458f83ce8efe2e1cb388
+#: 0ff561dcb5a74ea6bc8daa6912eedbf7
+#: 512b4f6b8da44ce691b08dd17fccac1c
+#: 0353d5d6952e454d92d2714158a3fff7
+#: 12ea772de9ed468d820b5cd8b779c63d
+#: 9667afb42f474d7890846205b5f12aaf
+#: 1c8f030a0ddc425c99b7854c6446152e
+#: ceb819004a5949d7a54bb3ae0811fdc3
+#: f35d58e2b267437fb658cbd453deb92b
+#: 0eb2098ed2ed44fc9e63c65651de75c6
+#: 39683a7608824577a002940e9b3caae1
+#: 7772e40b9f574ffab4146d1c8181bcae
+#: 78f98cf3d58f446b905d6576cdf03dc9
+#: fbf1aa18e2e941408b568cc17c93f991
+#: a1198553c8cc4e6da83b4721719ba046
+#: 98777ff169804c9b8bddae6231196cc1
+#: 203d011b336a4eb9be05bba9a11ed653
+#: 77d8a7117ad74c24a2a7cd5edf2660f5
+#: f01d6c19c10249e7b2ee838617aaa991
+#: 2750a5cba5c7462b90f0c0c2c0c641ef
+#: 97fed39b6da643aeaea1a3376a6abab7
+#: a1bf1f291f7d4825962693679b4d0dda
+#: f5c658e8843d4d3fa545b84a59ce5a1b
+#: f7aa39787f5041b0982c9b6f8fd7fc21
+#: 4ed876d863db4330a3892334c172355d
+#: cc0096f4698940d08b82d53cc8152ed5
+#: 5547268b704a4692a6123aec3baedf4a
+#: 805d4d7d81724af3a7915e29a7a43873
+#: 59a184ce7f854fe69d5b0e0f05ac7ac7
+#: b1e2d928968147429a235debf80c75b9
+#: 9f3b574c47f741dcb447476db7adfa23
+#: d15375d26e4d4482baa98ad71d98d56b
+#: 5a5847cc16c64f52b0dba5b39082ceb0
+#: 6d2ea3bbef584893b186b6eba817d27a
+#: c3d89ead25df491da9676ca4ef4efdb2
+#: 573b3e570b59475482b3bc67d3b76ece
+#: f9ffa865465e46e89841dead35408ad4
+#: 1d0b3f93d7624e2995fdd8571d8520a4
+#: 1127c63012824b6b9bf9d0671e37f1e4
+#: c79b6ee5249e464087b2e98b600d3167
+#: bb1245ee01ef49089f893aeca7d1cca5
+#: 099c80fc74334fccacdb0f95821ea043
+#: 0b1ec06cc91140e2bfd9649af05aca99
+#: 44f1951905794391a0239cbc55a73b49
+#: 08e5a3acc0a6475ea717b19e33a78de5
+#: 1e6802c43e8742a8aba6967c7b58a0ae
+#: 4c8d38384fd0454598ce7f55a53c8b90
+#: a72be67fc5014d63829596f87977a2c8
+#: 072cba535c7d4b07bed0be8adfcb5cec
+msgid "✅"
+msgstr ""
+
+#: ../development/specifications.rst:66
+#: ../development/specifications.rst:72
+#: ../development/specifications.rst:74
+#: a80c37859bd44e319edadf183220a78f
+#: 24b3e50fd6b1448eb430a1d191b5270b
+#: 7036e1a28c2145a68d3fc01d990a8dfa
+msgid "Python"
+msgstr ""
+
+#: ../development/specifications.rst:66
+#: 0a7351b6a6b94bb8b27a0bf5551bb52a
+msgid "10k"
+msgstr ""
+
+#: ../development/specifications.rst:66
+#: ../development/specifications.rst:68
+#: ../development/specifications.rst:70
+#: ../development/specifications.rst:72
+#: ../development/specifications.rst:74
+#: ../development/specifications.rst:76
+#: ../development/specifications.rst:78
+#: ../development/specifications.rst:82
+#: ../development/specifications.rst:86
+#: ../development/specifications.rst:88
+#: 6c9a76b2c5de48ecb8f0d21b6852fbe9
+#: 010027f0edd9497595f7d90006d01b43
+#: 65026d1d5f1b4e44987f53b9dba9003a
+#: 91ad0a0db8ec4ea8a621c78384a0b299
+#: f0de2f44ad6940ae9cfb9ab991ddf4ac
+#: 5cffb63471b8475d88a9f3146629bcf6
+#: fd51bae4f61d49a3b58bf37ceffdb9fe
+#: c2aa72806e8a46b190a5c995bfe73cb4
+#: 5b255e3aecb04129ad44edf63e1db2b9
+#: c9f12585f8974aeda0d0da84c3eba2e2
+#: 30dc6b38e0214208ae8b8c5bbd581ce7
+#: 298aeeb5f2f542a19d340eecf701ac36
+#: 764b4774f15b4fa69ebf933067aee70c
+#: e7833e50200c42c4a2bb825f333b126f
+#: a8d152df986e4418995aac2db1fabe22
+#: 3fbd31c8e87845e081a6fd930fcea34a
+#: ba29ae1d68e647249a876c7c466140cd
+#: eff68ea6bf914e6d9460a75a7b95df1d
+#: ee6547c1037c4daa8c7e47d8b293acfe
+msgid "❌"
+msgstr ""
+
+#: ../development/specifications.rst:68
+#: 53518997880f4f07b39da682993af4b6
+msgid "`Auth0`_"
+msgstr ""
+
+#: ../development/specifications.rst:68
+#: ../development/specifications.rst:78
+#: ../development/specifications.rst:80
+#: ../development/specifications.rst:88
+#: 4bb7beffd5744597b06495041c0e9a13
+#: 8dc3389193d94a8aac0dd2409f8e3201
+#: 36a2e73ac5924e40bd2647085e050940
+#: b02e82ee66624ae79ee49a62b551c186
+#: 2bcd9ba2cf8e46fc81f6c5dd24c4a9ee
+#: 4d3a8010d2334d8096d81a88597449d3
+#: df26d18da1524cf49f5f33a2cecb5bf6
+#: ec53c642971f4347a16eb6530e5f819e
+#: 7a90b30c977242f7aa46a5c08bf9d4b7
+msgid "❔"
+msgstr ""
+
+#: ../development/specifications.rst:70
+#: 9b22b3deecfa4382aaca36cb28817c8e
+msgid "`Authelia`_"
+msgstr ""
+
+#: ../development/specifications.rst:70
+#: ../development/specifications.rst:82
+#: da7968f0492b43f4a6665d1b129b2fd5
+#: 2d2b51ee61c74a9a90438d276e38c453
+msgid "Go"
+msgstr ""
+
+#: ../development/specifications.rst:70
+#: ../development/specifications.rst:82
+#: 8f3b5c500b2544248e05887895e067c9
+#: 8dcce8b1981249dab552acdfc8585636
+msgid "50k"
+msgstr ""
+
+#: ../development/specifications.rst:72
+#: c6e613a5ed0b4f649a3a03e43277d21a
+msgid "`Authentic2`_"
+msgstr ""
+
+#: ../development/specifications.rst:72
+#: f614cf3f446640fdb5569df25eab8e77
+msgid "65k"
+msgstr ""
+
+#: ../development/specifications.rst:74
+#: 6c51f85a594948dcbaeb0aad65c1280f
+msgid "`Authentik`_"
+msgstr ""
+
+#: ../development/specifications.rst:74
+#: 9f0ff320b7f84eba92f2ae5ca9f40178
+msgid "55k"
+msgstr ""
+
+#: ../development/specifications.rst:76
+#: 550458f7722d41d79719749d4a064c6e
+msgid "`CAS`_"
+msgstr ""
+
+#: ../development/specifications.rst:76
+#: ../development/specifications.rst:80
+#: ../development/specifications.rst:84
+#: 0e6eacfcc45b442cbb6565dc427e14ea
+#: 5a2c7ddf83984e1091f6da3e4c965269
+#: 16b8475565f5425caf749a61ba848778
+msgid "Java"
+msgstr ""
+
+#: ../development/specifications.rst:76
+#: 2226d6eecd7b4afbbc94909f72bbf30a
+msgid "360k"
+msgstr ""
+
+#: ../development/specifications.rst:78
+#: a90c6f2eb82c459baf20398845e55e07
+msgid "`Connect2id`_"
+msgstr ""
+
+#: ../development/specifications.rst:80
+#: d56e5f1e581a4aaa8cbc4ab09c75be81
+msgid "`Gluu`_"
+msgstr ""
+
+#: ../development/specifications.rst:82
+#: b9d37670e26d4e37afba75b9c8c2b870
+msgid "`Hydra`_"
+msgstr ""
+
+#: ../development/specifications.rst:84
+#: e14ff3876fb64d58a512790f856dc7d5
+msgid "`Keycloak`_"
+msgstr ""
+
+#: ../development/specifications.rst:84
+#: d7c0c274ec184995b9b92a268036e7a6
+msgid "600k"
+msgstr ""
+
+#: ../development/specifications.rst:86
+#: f36f2c4254104ba88bfd0b161b743716
+msgid "`LemonLDAP`_"
+msgstr ""
+
+#: ../development/specifications.rst:86
+#: 3cc4eb9ce6ab437aa60d1fe99a9b2c18
+msgid "Perl"
+msgstr ""
+
+#: ../development/specifications.rst:86
+#: 93b87c2ff8884d75b50d71df6807d844
+msgid "130k"
+msgstr ""
+
+#: ../development/specifications.rst:88
+#: e04aea3bf9ec4e5fb14d6b2da908f685
+msgid "`Okta`_"
+msgstr ""
diff --git a/doc/gettext/features.pot b/doc/gettext/features.pot
new file mode 100644
index 00000000..40279cde
--- /dev/null
+++ b/doc/gettext/features.pot
@@ -0,0 +1,597 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../features.rst:9
+#: e1788d199fc64e57a43d7ebb153e05c9
+msgid "Features"
+msgstr ""
+
+#: ../features.rst:11
+#: 1e7418cec66f4b2db1f86d4a377f538f
+msgid "Here are the different features that Canaille provides. You can enable any of those features with the :doc:`configuration <references/configuration>` to fit any :doc:`use cases <usecases>` you may meet. Check our  :ref:`roadmap <features:Roadmap>` to see what is coming next."
+msgstr ""
+
+#: ../features.rst:15
+#: 4c66277e518f41539dbb0744ba1bfd12
+msgid "Users can interact with Canaille through its :ref:`web interface <features:Web interface>` and administrators can also use its :ref:`command line interface <features:Command line interface>`. Canaille can handle data stored in different :ref:`database backends <features:Backends>`."
+msgstr ""
+
+#: ../features.rst:19
+#: 305bf7e16c4d44c6a18aaa120bb0c8cd
+msgid "Web interface"
+msgstr ""
+
+#: ../features.rst:21
+#: 4089798492e546d1a7bf4606f554bdff
+msgid "Canaille web interface can be used either in :doc:`production environments <tutorial/deployment>` or locally for development purposes."
+msgstr ""
+
+#: ../features.rst:26
+#: 20ae09b8bd004ff68f64f36928c9fc98
+msgid "Profile management"
+msgstr ""
+
+#: ../features.rst:28
+#: ../features.rst:217
+#: e24a042cb118431a95add4f478a08262
+#: ebcbf54330ab47abb34d392667e229a7
+msgid "Profile"
+msgstr ""
+
+#: ../features.rst:33
+#: 7f9db47436344fe78b21670afaf77a83
+msgid "Canaille provides an interface to manage user profiles."
+msgstr ""
+
+#: ../features.rst:35
+#: 1341d4b0d2e0465cb8e2d0240a5b0f5e
+msgid "The exact list of displayed fields, and whether they are :attr:`writable <canaille.core.configuration.ACLSettings.WRITE>` or :attr:`read-only <canaille.core.configuration.ACLSettings.READ>` depends on the user :class:`Access Control List settings (ACL) <canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../features.rst:37
+#: 373496bfb0b64f4d89f22ccb1941f998
+msgid "Depending on their ACL :class:`permissions <canaille.core.configuration.Permission>`, users can either be allowed to edit their own profile, edit any user profile, or do nothing at all."
+msgstr ""
+
+#: ../features.rst:42
+#: afa6f6a849a142eca8e02e231505a43a
+msgid "Email confirmation"
+msgstr ""
+
+#: ../features.rst:44
+#: ba3009e49eb64aa483d430202bad3789
+msgid "If the :attr:`email confirmation feature <canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is enabled, any modification or addition of a profile email will send a confirmation mail to the new address. The mail will contain a link that users will need to click on to confirm their email address."
+msgstr ""
+
+#: ../features.rst:46
+#: d58ee1760b684818925e094714dc23cc
+msgid "Users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can set user emails without confirmation though."
+msgstr ""
+
+#: ../features.rst:51
+#: c2709b4b2fd24ca1bdf7e7ec2955beb1
+msgid "Group management"
+msgstr ""
+
+#: ../features.rst:53
+#: ../features.rst:140
+#: 6c2de058bb824823910158983258f354
+#: dccd011cfef14d3eb8980324288a4f62
+msgid "Group edition"
+msgstr ""
+
+#: ../features.rst:58
+#: a44da450bd454e9a99d52eab2a2561c8
+msgid "In a similar fashion than :ref:`profile management <feature_profile_management>` Canaille provides an interface to manage user groups."
+msgstr ""
+
+#: ../features.rst:60
+#: 84ff6fdd31e24c28ba5550a469342c5d
+msgid "The group management is quite simple at the moment and consists in a group name and description, and the list of its members. Group membership can be use as :attr:`ACL Filter <canaille.core.configuration.ACLSettings.FILTER>` to define user permissions."
+msgstr ""
+
+#: ../features.rst:63
+#: ../features.rst:83
+#: ../features.rst:149
+#: d95e01dbde7c46d597a37d02a4d8b949
+#: b14ee30b70144c37981fae3cfd113080
+#: 1260c7fd68074c2ebb723a49254df6d0
+msgid "Todo"
+msgstr ""
+
+#: ../features.rst:64
+#: 837aee8e92cf42c08e9f351b89e9995b
+msgid "At the moment adding an user to a group can only be achieved by the user settings page, but we are :issue:`working to improve this <192>`."
+msgstr ""
+
+#: ../features.rst:66
+#: f55808a8891c42e3ba8b16c77b785abf
+msgid "Group management can be enable with a :attr:`dedicated user permission <canaille.core.configuration.Permission.MANAGE_GROUPS>`."
+msgstr ""
+
+#: ../features.rst:69
+#: 16bab4e755fc47c28190b148b60fbd2e
+msgid "Due to limitations in the :ref:`LDAP backend <tutorial/databases:LDAP>`, groups must have at least one member. Thus it is not possible to remove the last user of a group without removing the group."
+msgstr ""
+
+#: ../features.rst:75
+#: fe65b8aafe6b49d0b7ac7564746c8b3a
+msgid "User authentication"
+msgstr ""
+
+#: ../features.rst:77
+#: c9f38668647c46c1a6eddbffc8bf55df
+msgid "Unless their account is :ref:`locked <feature_account_locking>`, users can authenticate with a login and a password."
+msgstr ""
+
+#: ../features.rst:81
+#: 68e57e4ac74a455c96f886ceee02b79e
+msgid "For security reasons, it won't be told to users if they try to sign in with an unexisting logging, unless explicitly :attr:`set in the configuration <canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS>`."
+msgstr ""
+
+#: ../features.rst:83
+#: 5ac48ef797dd43c28e2e49f8eb23b5b2
+msgid ":ref:`LDAP backend <tutorial/databases:LDAP>` users can define which :class:`user field <canaille.core.models.User>` should be used as the login (such as :attr:`~canaille.core.models.User.user_name` or :attr:`~canaille.core.models.User.emails`) using a :attr:`configuration parameter <canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER>`, but other backends can only login using :attr:`~canaille.core.models.User.user_name`. We are :issue:`working to improve this <196>`."
+msgstr ""
+
+#: ../features.rst:88
+#: 87ee6d88dc484fa7b2622e3ebe1445f5
+msgid "User registration"
+msgstr ""
+
+#: ../features.rst:90
+#: 2cd96a46a4df479499728c1bfdd2aba9
+msgid "Users can create accounts on Canaille if the feature :attr:`registration feature <canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION>` is enabled. They will be able to fill a registration form with the fields detailed in the default :class:`ACL settings <canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../features.rst:92
+#: 457cfe757e81479bab21c3fa83e24be3
+msgid "If :attr:`email confirmation <canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is also enabled, users will be sent a confirmation link to their email address, on which they will need to click in order to finalize their registration."
+msgstr ""
+
+#: ../features.rst:97
+#: ../features.rst:99
+#: 745d2713bf794b819c4265b90f54a7fb
+#: 3664d4ee087b416692a40457afedb6d7
+msgid "User invitation"
+msgstr ""
+
+#: ../features.rst:104
+#: a1c0482d19ea428e9ace61f8a234f084
+msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can create an invitation link for one user."
+msgstr ""
+
+#: ../features.rst:106
+#: 7ed7614611b24977b4ae04a799244bf6
+msgid "The link goes to a registration form, even if regular :ref:`user registration <feature_user_registration>` is disabled."
+msgstr ""
+
+#: ../features.rst:108
+#: 976b62801cd549748f032bec04f9e261
+msgid "It can be automatically sent by email to the new user."
+msgstr ""
+
+#: ../features.rst:113
+#: f7ea42c01191494185d9f191469aeef9
+msgid "Account locking"
+msgstr ""
+
+#: ../features.rst:115
+#: e2dcd91ac31548fc988012f47e58a595
+msgid "If Canaille is plugged to a :ref:`backend <features:Backends>` that supports it, user accounts can be locked by users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>`. The lock date can be set instantly or at a given date in the future."
+msgstr ""
+
+#: ../features.rst:118
+#: cf42d819d5a547b88f371785e5165f90
+msgid "At the moment a user account is locked:"
+msgstr ""
+
+#: ../features.rst:120
+#: 9b640a69ba9a4c51b60e0f8c286697a4
+msgid "their open sessions will be closed;"
+msgstr ""
+
+#: ../features.rst:121
+#: 3189f0a7d03740a4b4f85cedd2347950
+msgid "they won't be able to sign in again;"
+msgstr ""
+
+#: ../features.rst:122
+#: 7da9546466a94f8a8978716a6d4d208f
+msgid "no new OIDC token will be issued;"
+msgstr ""
+
+#: ../features.rst:124
+#: 024942a1dbc74ab89c267e6caa47ed77
+msgid "User accounts must be manually unlocked by an administrator for the users to regain access to those actions."
+msgstr ""
+
+#: ../features.rst:129
+#: 4a9634c3b1f14180a3c3d7c9b40cb66d
+msgid "Account deletion"
+msgstr ""
+
+#: ../features.rst:131
+#: 8a6acf700c194e67b754ac900d4426b0
+msgid "Users with the :attr:`account deletion permission <canaille.core.configuration.Permission.DELETE_ACCOUNT>` are allowed to delete their own account."
+msgstr ""
+
+#: ../features.rst:133
+#: 8c30253b0d7d4fefa55c6f23ba5dd958
+msgid "Users that also have the :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` are also allowed to delete other users accounts."
+msgstr ""
+
+#: ../features.rst:138
+#: 2157cc891ec24dfab2496f60249f124c
+msgid "Password recovery"
+msgstr ""
+
+#: ../features.rst:145
+#: 7b467943f0d74722bcf4dcfc1c2f2631
+msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured and the :attr:`password recovery feature <canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY>` is enabled, then users can ask for a password reset email if they cannot remember their password."
+msgstr ""
+
+#: ../features.rst:147
+#: 5c12793163f64d8fafc24e284e955865
+msgid "The email will be sent to the email addresses filled in their profile, and will contain a link that will allow them to choose a new password. ."
+msgstr ""
+
+#: ../features.rst:151
+#: 467318f9369c4ecabf00c16ee551a46f
+msgid "Check that password recovery is disabled on locked accounts."
+msgstr ""
+
+#: ../features.rst:156
+#: 1880cb31e0894b5cb0ac81c5a8a60ffd
+msgid "Password reset"
+msgstr ""
+
+#: ../features.rst:158
+#: 6f845e2ecc974c26b00126f015f86825
+msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can send password reset mails to users. The mails contains a link that allow users to choose a new password without having to retrieve the old one."
+msgstr ""
+
+#: ../features.rst:164
+#: fb069d5c78f54166b31db5c9adb512dc
+msgid "Password initialization"
+msgstr ""
+
+#: ../features.rst:166
+#: ea105163dbbd485ea023aae10de2a712
+msgid "User :attr:`passwords <canaille.core.models.User.password>` are optional. If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, when users with no password attempt to sign in, they are invited to click a button that will send them a password initialization mail. The mail contains a link that leads to a form that allows users to choose a password."
+msgstr ""
+
+#: ../features.rst:173
+#: f257819892334c3f81eb1f6ae42f8e60
+msgid "Password compromission check"
+msgstr ""
+
+#: ../features.rst:175
+#: 61d91ab9494a4c0d914e459319a0282c
+msgid "If :attr:`password compromission check feature <canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK>` is enabled, Canaille will check for password compromise on HIBP (https://haveibeenpwned.com/) every time a new password is register. You will need to set an :attr:`admin email <canaille.core.configuration.CoreSettings.ADMIN_EMAIL>`."
+msgstr ""
+
+#: ../features.rst:180
+#: 29552f6a6ac647cda927893982632593
+msgid "Internationalization"
+msgstr ""
+
+#: ../features.rst:182
+#: 87f1270c1d654364a64698e9ba85f9c8
+msgid "Translation state"
+msgstr ""
+
+#: ../features.rst:187
+#: db80a74dd2374b5ab82acd1395466acb
+msgid "Canaile will display in your :attr:`preferred language <canaille.core.models.User.preferred_language>` if available, or your browser language if available (and if it is not you can :ref:`help us with the translation <development/contributing:Code translation>`). If you prefer, you can also :attr:`force a language <canaille.core.configuration.CoreSettings.FAVICON>` for every users."
+msgstr ""
+
+#: ../features.rst:193
+#: 272a97d52dd94e849318a88f5d291bd3
+msgid "Lightweight"
+msgstr ""
+
+#: ../features.rst:195
+#: cb18163171c94d75a86e3aa050270386
+msgid "The web interface is lightweight, so everything should load quickly. There is a few Javascript here and there to smooth the experience, but no Javascript at all is needed to use Canaille."
+msgstr ""
+
+#: ../features.rst:199
+#: 3e23d82d021240908b93d8411ed1ece3
+msgid "Customizable"
+msgstr ""
+
+#: ../features.rst:201
+#: fd82c1315d864619b45e2be1c39e4ce0
+msgid "The default theme should be good enough for most usages. It has a dark theme, display well on mobile, and let you choose a :attr:`logo <canaille.core.configuration.CoreSettings.LOGO>` and a :attr:`favicon <canaille.core.configuration.CoreSettings.FAVICON>`."
+msgstr ""
+
+#: ../features.rst:204
+#: 7e18858db0a1427985a8846bd9b6c692
+msgid "If you need more you can also use a :attr:`custom theme <canaille.core.configuration.CoreSettings.THEME>`."
+msgstr ""
+
+#: ../features.rst:209
+#: 50efea7d1e594de1bc1d59fadc67fc3a
+msgid "OpenID Connect"
+msgstr ""
+
+#: ../features.rst:211
+#: 34e2ceb8a70d42de83f1a3719ff10df5
+msgid "Canaille implements a :ref:`subset<development/specifications:State of the specs in Canaille>` of the OAuth2/OpenID Connect specifications . This allows to provide :abbr:`SSO (Single Sign-On)` and :abbr:`SLO (Single Log-On)` to applications plugged to Canaille."
+msgstr ""
+
+#: ../features.rst:215
+#: 91e1188aadaf45159560f74f9da4654b
+msgid "Consent management"
+msgstr ""
+
+#: ../features.rst:223
+#: ce4ab8d14f3d44328c3d6738ef4b72b4
+msgid "Users can give their consent to application requesting access to their personal information, and then revoke those consent at their will."
+msgstr ""
+
+#: ../features.rst:227
+#: b743768476604fe29330ceedb3aa147a
+msgid "Application management"
+msgstr ""
+
+#: ../features.rst:229
+#: 3fcb303af84041ab9d762a6a14590fac
+msgid "Users with the right :attr:`permission <canaille.core.configuration.Permission.MANAGE_OIDC>` can manager OIDC clients through the web interface."
+msgstr ""
+
+#: ../features.rst:231
+#: c5352dd05bb5432292db0ce2d16855dd
+msgid "In some cases, it might be useful to avoid the consent page for some trusted applications, so clients can be pre-consented."
+msgstr ""
+
+#: ../features.rst:234
+#: 1fa4e2a5218a42cfbe8d497af109ddd3
+msgid "Discovery"
+msgstr ""
+
+#: ../features.rst:236
+#: 319e92a6c8854c8681f7a0e53828bff5
+msgid "Canaille implements the :doc:`Discovery specifications <development/specifications>` so most of the applications plugged to Canaille can auto-configure themselves."
+msgstr ""
+
+#: ../features.rst:239
+#: 4dac1f51d4404a0ebf8ad2d4dfd0f664
+msgid "Dynamic Client Registration"
+msgstr ""
+
+#: ../features.rst:241
+#: 2e3491e375a4467f871e0de3120711ce
+msgid "Canaille implements the :doc:`Dynamic Client Registration specifications <development/specifications>`, so when the :attr:`feature is enabled <canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN>`, clients can register themselves on Canaille without an administrator intervention."
+msgstr ""
+
+#: ../features.rst:246
+#: 588c18f0f44d4eb5a4c999c5a3db635e
+msgid "Command Line Interface"
+msgstr ""
+
+#: ../features.rst:248
+#: f0fd8f52fb4f477680527412562a2ba6
+msgid "Canaille comes with a :abbr:`CLI (Command Line Interface)` to help administrators in hosting and management."
+msgstr ""
+
+#: ../features.rst:250
+#: 73ac4592e1fe4a51803b75c969304bc9
+msgid "There are tools to :ref:`check your configuration <cli_check>` or to :ref:`install missing parts <cli_install>`. You can use the CLI to :ref:`create <cli_create>`, :ref:`read <cli_get>`, :ref:`update <cli_set>` and :ref:`delete <cli_delete>` models such as :class:`users <canaille.core.models.User>`, :class:`groups <canaille.core.models.Group>` or  :class:`OIDC clients <canaille.oidc.basemodels.Client>`."
+msgstr ""
+
+#: ../features.rst:253
+#: 3091d85977eb49449c76e0ae370745e4
+msgid "There are also tools to :ref:`fill your database <cli_populate>` with random objects, for tests purpose for instance."
+msgstr ""
+
+#: ../features.rst:258
+#: 926c15a2beb84a3b9e2030c4bc1a4908
+msgid "Backends"
+msgstr ""
+
+#: ../features.rst:260
+#: 1d759a49a5644275acce4f8db74f9a5e
+msgid "Canaille can handle data from the most :ref:`common SQL databases <tutorial/databases:SQL>` such as PostgreSQL, MariaDB or SQLite, as well as :ref:`OpenLDAP <tutorial/databases:LDAP>`. It also comes with a no-dependency :ref:`in-memory database <tutorial/databases:Memory>` that can be used in unit tests suites."
+msgstr ""
+
+#: ../features.rst:264
+#: 85b359d50f3b45159f1d7176d7014e51
+msgid "Miscellaneous"
+msgstr ""
+
+#: ../features.rst:269
+#: 0d0372c98187494ba9babc558530836c
+msgid "Logging"
+msgstr ""
+
+#: ../features.rst:271
+#: 775c89c8b1c548bdaec973472e999fa4
+msgid "Canaille writes :attr:`logs <canaille.core.configuration.CoreSettings.LOGGING>` for every important event happening, to help administrators understand what is going on and debug funky situations."
+msgstr ""
+
+#: ../features.rst:273
+#: 450c5e7c7d7749e99d9fc3fe74e0ee6e
+msgid "The following security events are logged with the tag [SECURITY] for easy retrieval :"
+msgstr ""
+
+#: ../features.rst:275
+#: 1408c454db794023be5e18cde821cde2
+msgid "Authentication attempt"
+msgstr ""
+
+#: ../features.rst:276
+#: 2a1ab369f4a243e2b2e3463e3326c008
+msgid "Password update"
+msgstr ""
+
+#: ../features.rst:277
+#: b1875faad85842ac9fcc11d2c5c03f4a
+msgid "Email update"
+msgstr ""
+
+#: ../features.rst:278
+#: 0389b72f9c6a4854ab50ba113554be9b
+msgid "Forgotten password mail sent to user"
+msgstr ""
+
+#: ../features.rst:279
+#: 0c919d1f72b04296ac420b405b921b93
+msgid "Token emission"
+msgstr ""
+
+#: ../features.rst:280
+#: 164105d22820445186f8086c1e1ac7c1
+msgid "Token refresh"
+msgstr ""
+
+#: ../features.rst:281
+#: fc590a8611554c04948cc44bbf5b05d4
+msgid "Token revokation"
+msgstr ""
+
+#: ../features.rst:282
+#: f7aa2b3de26a4f63a4c35495a6ee4e6e
+msgid "New consent given for client application"
+msgstr ""
+
+#: ../features.rst:283
+#: 63403d81399c469792d50f1c9790d44e
+msgid "Consent revokation"
+msgstr ""
+
+#: ../features.rst:288
+#: 56e96a06cfbf456fb59d3556217b5e8e
+msgid "A tool for your development and tests"
+msgstr ""
+
+#: ../features.rst:290
+#: 0c7e31abb1c14302a691f26ef8cab38c
+msgid "Thanks to its lightweight :ref:`in-memory database <tutorial/databases:Memory>` and its curated :ref:`dependency list <tutorial/install:Get the code>`, Canaille can be used in the unit test suite of your application, so you can check how it behaves against a real world OpenID Connect server. If you work with python you might want to check :doc:`pytest-iam:index`."
+msgstr ""
+
+#: ../features.rst:292
+#: 963770fd6ca14be884153c0568d614d4
+msgid "It can also being launched in your development environment, if you find that launching a Keycloak in a Docker container is too heavy for your little web application."
+msgstr ""
+
+#: ../features.rst:294
+#: 9d9dafd256e94acaad9ea1108cb891a0
+msgid "It also fits well in continuous integration scenarios. Thanks to its :ref:`CLI <feature_cli>`, you can prepare data in Canaille, let your application interact with it, and then check the side effects."
+msgstr ""
+
+#: ../features.rst:297
+#: 067e9134dbcf4d698f5cc98da46f6b1c
+msgid "Roadmap"
+msgstr ""
+
+#: ../features.rst:300
+#: 765ec40933cd4b418974dd5660825afd
+msgid "Bêta version"
+msgstr ""
+
+#: ../features.rst:302
+#: 44f40979b69f4a0591f095ea5e9ffc60
+msgid "To go out of the current Alpha version we want to achieve the following tasks:"
+msgstr ""
+
+#: ../features.rst:304
+#: 306d82fcd6e34e7e903a3c33b18fa496
+msgid ":issue:`Configuration validation using pydantic <138>`"
+msgstr ""
+
+#: ../features.rst:307
+#: 348486c826e54c7394312f9b65c91ca7
+msgid "Stable version"
+msgstr ""
+
+#: ../features.rst:309
+#: dc50e5b244a54791b0ce5013500f2bdd
+msgid "Before we push Canaille in stable version we want to achieve the following tasks:"
+msgstr ""
+
+#: ../features.rst:312
+#: e88bf894b0e04926a03542e927a1b9ad
+msgid "Security"
+msgstr ""
+
+#: ../features.rst:314
+#: e28ca32444eb44ae9b0a6e59b5d0ac31
+msgid ":issue:`Password hashing configuration <175>`"
+msgstr ""
+
+#: ../features.rst:315
+#: 37dc1f0a3869424ab0d6da0c039f123f
+msgid ":issue:`Authentication logging policy <177>`"
+msgstr ""
+
+#: ../features.rst:316
+#: 28792af06fb34fd5ab534d2d065c2883
+msgid ":issue:`Intruder lockout <173>`"
+msgstr ""
+
+#: ../features.rst:317
+#: 2eb8507407104b29ae8bb00ca646b829
+msgid ":issue:`Password expiry policy <176>`"
+msgstr ""
+
+#: ../features.rst:318
+#: 8999fd2b2d08417aa28414f115d5fda5
+msgid ":issue:`Multi-factor authentication: Email <47>`"
+msgstr ""
+
+#: ../features.rst:319
+#: 76998f3ace9c4c588e795331365c99f2
+msgid ":issue:`Multi-factor authentication: SMS <47>`"
+msgstr ""
+
+#: ../features.rst:320
+#: 8a26920b728649d0a8b9ba9c8f98427f
+msgid ":issue:`Multi-factor authentication: OTP <47>`"
+msgstr ""
+
+#: ../features.rst:323
+#: 1f172cb3b12d4d9ebed5abf0099dcb34
+msgid "Packaging"
+msgstr ""
+
+#: ../features.rst:325
+#: 532f4871f18f4189bc19d70d6729aceb
+msgid ":issue:`Nix package <190>`"
+msgstr ""
+
+#: ../features.rst:326
+#: e8a280bfd47e47baace28606f80d51ba
+msgid ":issue:`Docker / OCI package <59>`"
+msgstr ""
+
+#: ../features.rst:329
+#: 16dd9a8f89b94812b315074f2122bd0d
+msgid "And beyond"
+msgstr ""
+
+#: ../features.rst:331
+#: a25457408aae440384cea5ac85dbf68f
+msgid ":issue:`OpenID Connect certification <182>`"
+msgstr ""
+
+#: ../features.rst:332
+#: c251e6812fbe41daa724a3e41de2795f
+msgid ":issue:`SCIM support <116>`"
+msgstr ""
diff --git a/doc/gettext/index.pot b/doc/gettext/index.pot
new file mode 100644
index 00000000..5191ff1d
--- /dev/null
+++ b/doc/gettext/index.pot
@@ -0,0 +1,97 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../index.rst:15
+#: 73ace75ab0614252bcdf4b38427a6bbe
+msgid "Lightweight Identity and Authorization Management"
+msgstr ""
+
+#: ../index.rst:19
+#: 51406a546f1944abb1f60d21591b8da6
+msgid "**Canaille** is a French word meaning *rascal*. It is roughly pronounced **Can I?**, as in *Can I access your data?* Canaille is a lightweight identity and authorization management software. It aims to be very light, simple to install and simple to maintain. Its main features are :"
+msgstr ""
+
+#: ../index.rst:27
+#: 8ce19e6702f74a9d846822da4e95cd05
+msgid "Profile management"
+msgstr ""
+
+#: ../index.rst:31
+#: 69855370f33846c6beb1d9f8141c9da5
+msgid "User profile and groups management, Basic permissions"
+msgstr ""
+
+#: ../index.rst:34
+#: 76c5bf395a1c4e5d84450804af9408fc
+msgid "User authentication"
+msgstr ""
+
+#: ../index.rst:38
+#: 8482faeb12174d9186e34291c5d03ac9
+msgid "Authentication, registration, email confirmation, \"I forgot my password\" emails"
+msgstr ""
+
+#: ../index.rst:40
+#: 0e50a42ab7744344a33d3dcfac6d8e09
+msgid "SSO"
+msgstr ""
+
+#: ../index.rst:44
+#: 8de8aed898404726ad012faf46986847
+msgid "OpenID Connect identity provider"
+msgstr ""
+
+#: ../index.rst:46
+#: af19bc8e23374e43b47b764ead0e7718
+msgid "Multi-database support"
+msgstr ""
+
+#: ../index.rst:50
+#: 71baa0d1d0fc4c9d9d748133495b0141
+msgid "PostgreSQL, Mariadb and OpenLDAP first-class citizenship"
+msgstr ""
+
+#: ../index.rst:52
+#: 8e0020b8e0324b6fa5728ceac3acad78
+msgid "Customization"
+msgstr ""
+
+#: ../index.rst:56
+#: f324ccfc4a7e4e4dbe6cd7d2fa2dca24
+msgid "Put Canaille at yours colors by choosing a logo or use a custom theme!"
+msgstr ""
+
+#: ../index.rst:58
+#: 9a6d1f33fa9641d7b71944454c84d819
+msgid "Developers friendliness"
+msgstr ""
+
+#: ../index.rst:62
+#: b474739321e84bc684d5fe1cd536d5b8
+msgid "Canaille can easily fit in your unit tests suite or in your Continuous Integration."
+msgstr ""
+
+#: ../index.rst:66
+#: be4a6a405d2b40dc86b55103e99277ba
+msgid ":doc:`Full feature list <features>`"
+msgstr ""
+
+#: ../index.rst:70
+#: 2f91d5ac3db248bd9905419c6ebfee68
+msgid "Documentation"
+msgstr ""
diff --git a/doc/gettext/locales/readme.pot b/doc/gettext/locales/readme.pot
new file mode 100644
index 00000000..ca523b42
--- /dev/null
+++ b/doc/gettext/locales/readme.pot
@@ -0,0 +1,52 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../locales/readme.rst:1
+#: 81c6815493714f6a873d6e86dc1a9c63
+msgid "Documentation translation Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/canaille>`_."
+msgstr ""
+
+#: ../locales/readme.rst:4
+#: 87be09ce203040c2ade86291e682ff90
+msgid "The following commands are there as documentation, only the message extraction and the language addition is needed for contributors."
+msgstr ""
+
+#: ../locales/readme.rst:7
+#: 3bdfd8ba97e8414aa5c6cc81b43178a5
+msgid "Message extraction"
+msgstr ""
+
+#: ../locales/readme.rst:9
+#: 3b8b9e1408da403e9cdd7a3fb0cf90d8
+msgid "After you have edited translatable strings, you should extract the messages with:"
+msgstr ""
+
+#: ../locales/readme.rst:16
+#: b581058879de400ca67dde307da1912a
+msgid "Language addition"
+msgstr ""
+
+#: ../locales/readme.rst:18
+#: dab59f2e8ae44091a03cd2c554501487
+msgid "You can add a new language manually with the following command, however this should not be needed as Weblate takes car of this:"
+msgstr ""
+
+#: ../locales/readme.rst:25
+#: 348dad0adb834ca0a1cf2e7ffea89f8a
+msgid "Build the documentation in another language"
+msgstr ""
diff --git a/doc/gettext/references/commands.pot b/doc/gettext/references/commands.pot
new file mode 100644
index 00000000..e79d6d36
--- /dev/null
+++ b/doc/gettext/references/commands.pot
@@ -0,0 +1,366 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../references/commands.rst:2
+#: 578e5808cb99489e9808bf26f84831ea
+msgid "Command Line Interface"
+msgstr ""
+
+#: ../references/commands.rst:4
+#: 5a95d4c76b7b4692af568a958071ab9d
+msgid "Canaille provide several commands to help administrator manage their data."
+msgstr ""
+
+#: ../references/commands.rst:6
+#: 8f0f875b47a54e6e8911c751fb6872e8
+msgid "Generally, some configuration has to be loaded by `Canaille`. This can be achieved by :ref:`configuration loading method<references/configuration:Load the configuration>` available, but most of the time a ``CONFIG`` environment variable is used. For the sake of readability, it is omitted in the following examples."
+msgstr ""
+
+#: ../../canaille check:1
+#: dd0149729dc94239aed0af8d269dd418
+msgid "Test the configuration file."
+msgstr ""
+
+#: ../../canaille check:1
+#: 64fdd2232e6d405c9adbe11ddda10166
+msgid "Attempt to reach the database and the SMTP server with the provided credentials."
+msgstr ""
+
+#: ../../canaille clean:1
+#: 403b7781c30c4da58642667b26f9da55
+msgid "Remove expired tokens and authorization codes."
+msgstr ""
+
+#: ../../canaille install:1
+#: 9a6a207fe3ed4c7caffaaa4e5842fe02
+msgid "Installs canaille elements from the configuration."
+msgstr ""
+
+#: ../../canaille install:1
+#: 28c0bafefd7a42b7b247fa53ac641d4a
+msgid "For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas."
+msgstr ""
+
+#: ../../canaille populate:1
+#: 17d8b25dd51b42d5b32e343d1b4b44a9
+msgid "Populate the database with generated random data."
+msgstr ""
+
+#: ../references/commands.rst:0
+#: df7a3b4065244eb985f167583bf79d2c
+#: 10cb918ea05043929ba9cd9564ed5f3d
+#: aa7d87d3e6f647fa890560fd9096598b
+#: 9a2406777231461887cb7e76f3c0d470
+#: 84db04b30f9147e19f984bdaa49fe0fd
+#: f28f03fb7525446da298d805a01522d1
+#: 8506da751b21413fadc94d7bae19e387
+#: 1914dd13a47d4a778fb3f7c6d27e9aac
+#: d8c57a57c6c34d32a014fa466d8ee489
+#: 3059756528734dffb3d53c627edb9437
+#: cab60c25e07542a6908f059f31c77482
+#: ff6f04fe5ee944febc001fbffb1e5a30
+#: f8fe3d8b27884fe0a5b8c68cb3195b97
+#: 9b1086b74f9f4f15aae8f7174cc82fc4
+#: 00701bc7173f421aafe574606d46691e
+#: 5e7e4cdd8d664830a6d158e240b545c2
+#: 08bf63ad7771452cb070d2c2c7b8b568
+#: d71b61d168d443ac94f30e1aaf07e55f
+#: 93f79c7403074b0aac095f59df49b451
+#: bd21ceb952184931b1e198854fe9b031
+msgid "Options"
+msgstr ""
+
+#: ../../canaille populate:1
+#: a5bbf04166c049b3b9c315b02e311d6c
+msgid "Number of items to create"
+msgstr ""
+
+#: ../../canaille populate groups:1
+#: fa0ab4817a63487b929828c2e97373c1
+msgid "Populate the database with generated random groups."
+msgstr ""
+
+#: ../../canaille populate groups:1
+#: 5e6f489028a4446a8b507e422646fee8
+msgid "The maximum number of users that will randomly be affected in the group"
+msgstr ""
+
+#: ../../canaille populate users:1
+#: b0ccb196ccc549c7a57e03466d184b1b
+msgid "Populate the database with generated random users."
+msgstr ""
+
+#: ../../canaille get:1
+#: 37a97a0a6d98414e930446cfce3fefd0
+msgid "Read information about models."
+msgstr ""
+
+#: ../../canaille get:1
+#: 2fdd2c44ff8342c5b9dc3a122fc56d32
+msgid "Options can be used to filter models::"
+msgstr ""
+
+#: ../../canaille get:1
+#: 3466ddbfd1264c01a53a83d711a66146
+msgid "Displays the matching models in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille get authorizationcode:1
+#: 9475ba0522be4715ba147caf0e0debd8
+msgid "Search for authorizationcodes and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get client:1
+#: 31b8bbe27ff64f0da9e1684d3f048472
+msgid "Search for clients and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get consent:1
+#: 0be75cef5f6448ee81cfa44b378517ce
+msgid "Search for consents and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get group:1
+#: 9544c3af476441398e9a7dcbfd0d9c7a
+msgid "Search for groups and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get token:1
+#: 030ae9dcd3a143e9b1b19397c35d8b2f
+msgid "Search for tokens and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get user:1
+#: 44dbe3502761468e8d2e29fa7f10f0d6
+msgid "Search for users and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille set:1
+#: 0af6277cc0874cefbd5fb0182d80d396
+msgid "Update models."
+msgstr ""
+
+#: ../../canaille set:1
+#: 72e13923d1454286b7367854fbec4e35
+msgid "The command takes an model ID and edit one or several attributes::"
+msgstr ""
+
+#: ../../canaille set:1
+#: d4f17ca6c53b40afb034134ffc118361
+msgid "Displays the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille set authorizationcode:1
+#: 4a23a7b2d8be45658f2eed6017194fba
+msgid "Update a authorizationcode and display the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete authorizationcode:1
+#: ../../canaille set authorizationcode:1
+#: 1bbb5cada3624f8aa2922939002323ae
+#: 5609a4557fff4e54a9fccabfddf5826e
+msgid "IDENTIFIER should be a authorizationcode id or authorization_code_id"
+msgstr ""
+
+#: ../references/commands.rst:0
+#: de8b06da947f4e23ba6727914cad6bb1
+#: fd47034cde92425f9f8bdb2393bf5460
+#: f8406bb87a054f629fd7cf5b07e9c3b6
+#: fdcf900e6c864eb4820f880f881a8b4f
+#: f524d61a7560403fa67d84b521b5420c
+#: 18b42ed5ae9b4a1b898866ba3cd7c098
+#: 7cbe82d6bd5b46919644b6d71984dc97
+#: 60e9504afe9e4c78b4181fd5481122c6
+#: 0dceb5df88e34fbc8332c8d8f641ab21
+#: d8105a54c6bf4353b614c9fd73859d45
+#: b6820eac28db47ab99be5b1ba431fa33
+#: d5fbab6b8b134648bcfa3ef1ac71ecc5
+msgid "Arguments"
+msgstr ""
+
+#: ../../canaille delete authorizationcode:1
+#: ../../canaille delete client:1
+#: ../../canaille delete consent:1
+#: ../../canaille delete group:1
+#: ../../canaille delete token:1
+#: ../../canaille delete user:1
+#: ../../canaille set authorizationcode:1
+#: ../../canaille set client:1
+#: ../../canaille set consent:1
+#: ../../canaille set group:1
+#: ../../canaille set token:1
+#: ../../canaille set user:1
+#: 6fa9d671478f4b0cb6a4335319aff6bc
+#: a4d8ffc45b5d455baa74d311e77cb0cc
+#: 06fdebc0ceaf42158ac034ba2f1fd5d5
+#: 821e6c57ca8a4c4b9543e569188ea90b
+#: ab251b3b601749e5ba8b449fa1f14e63
+#: e55c02eadb204bb9a9c03a8a1e37c0e0
+#: f3944ed8e87b432ca151e011c9eb2220
+#: 8aa832eba5aa4098ade467d1ffd2ea6d
+#: 91880f396bf64569ac8c1f4f3f2aca0f
+#: a2797259ebe548ee9f8d4528edfcef44
+#: 9cdac19055ca44318c473fa3bc620a43
+#: 217ddbe62c8c48a49ec792c9581b548d
+msgid "Required argument"
+msgstr ""
+
+#: ../../canaille set client:1
+#: c6fb20a6a9b04bb9ae7fa6930bd0e428
+msgid "Update a client and display the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete client:1
+#: ../../canaille set client:1
+#: a80bc63347194218987d36e8f7d79e40
+#: d219305e46a444f0b731ad5b73e79f2d
+msgid "IDENTIFIER should be a client id or client_id"
+msgstr ""
+
+#: ../../canaille set consent:1
+#: a651d44dec284d32b9e11bca8c0082be
+msgid "Update a consent and display the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete consent:1
+#: ../../canaille set consent:1
+#: 69e2a6ee623f45c1a39b0fbdf948e15f
+#: 6ba4152a82744f9b808e9947a943103f
+msgid "IDENTIFIER should be a consent id or consent_id"
+msgstr ""
+
+#: ../../canaille set group:1
+#: 7c9d22883354416a85d50f7410327d4f
+msgid "Update a group and display the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete group:1
+#: ../../canaille set group:1
+#: 9003e3f7ae3249ecb5084845becb33f2
+#: 31af71d5aaf74cb7b660614b3e1682ef
+msgid "IDENTIFIER should be a group id or display_name"
+msgstr ""
+
+#: ../../canaille set token:1
+#: deae6ee4325d4a99809f77fc2436562a
+msgid "Update a token and display the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete token:1
+#: ../../canaille set token:1
+#: 990488adf77741cbadcbea5c85e6741c
+#: 42483c1821a14a178b105f181946e188
+msgid "IDENTIFIER should be a token id or token_id"
+msgstr ""
+
+#: ../../canaille set user:1
+#: 5a2cf62efa9747429cfa9bf1cdf25b58
+msgid "Update a user and display the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete user:1
+#: ../../canaille set user:1
+#: c8550e9dc18646d294c8d797cb5d166d
+#: 9d649644572049378cd901b26b4b42f3
+msgid "IDENTIFIER should be a user id or user_name"
+msgstr ""
+
+#: ../../canaille create:1
+#: 876b9c46071040a083e7720fd1030ab9
+msgid "Create models."
+msgstr ""
+
+#: ../../canaille create:1
+#: 3b4c98b2ff45430f916dcaf1bd54da4c
+msgid "The model attributes can be passed as command options::"
+msgstr ""
+
+#: ../../canaille create:1
+#: 2ff64e0da89645b1820fba732d6098c9
+msgid "Displays the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille create authorizationcode:1
+#: a4a59533bbb141cb9c8cebd78f71ab9d
+msgid "Create a new authorizationcode and display the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille create client:1
+#: c2df315512ed4bc994164ce5283e17a0
+msgid "Create a new client and display the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille create consent:1
+#: 4d1193abf1814ba48fdb0c6ab1a7ed32
+msgid "Create a new consent and display the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille create group:1
+#: 2e32891340704090850f8f169b142aae
+msgid "Create a new group and display the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille create token:1
+#: 3a965857a34e4c89b46f554d42e0ce5b
+msgid "Create a new token and display the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille create user:1
+#: 9e30ed9353764ad986f7009e352a4e23
+msgid "Create a new user and display the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille delete:1
+#: 73aa4dc76f2d4b558bef94fb74c89926
+msgid "Delete models."
+msgstr ""
+
+#: ../../canaille delete:1
+#: 4e8dfe57593e4037a3af361c27a3fe2c
+msgid "The command takes a model ID and deletes it::"
+msgstr ""
+
+#: ../../canaille delete authorizationcode:1
+#: e252f5665c1d4beeadbc8e02a5616c52
+msgid "Delete a authorizationcode."
+msgstr ""
+
+#: ../../canaille delete client:1
+#: 9289cd0e6ea7448ea6d79efd656f4c93
+msgid "Delete a client."
+msgstr ""
+
+#: ../../canaille delete consent:1
+#: d2daf152e4a24521bbbd75a6cc2377ca
+msgid "Delete a consent."
+msgstr ""
+
+#: ../../canaille delete group:1
+#: 2e8bfb99cf0c48beb2da339112cef4c4
+msgid "Delete a group."
+msgstr ""
+
+#: ../../canaille delete token:1
+#: 0752e5025f47410bbd89191f2acb59c8
+msgid "Delete a token."
+msgstr ""
+
+#: ../../canaille delete user:1
+#: 7f1e103d1a9947949c4e310bbec9d067
+msgid "Delete a user."
+msgstr ""
diff --git a/doc/gettext/references/configuration.pot b/doc/gettext/references/configuration.pot
new file mode 100644
index 00000000..9b90b4db
--- /dev/null
+++ b/doc/gettext/references/configuration.pot
@@ -0,0 +1,743 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../references/configuration.rst:2
+#: 07e02385c0d6432ab9c14b6e4f337af8
+msgid "Configuration"
+msgstr ""
+
+#: ../references/configuration.rst:5
+#: a1053f4eb992434b84a915715996fa05
+msgid "Load the configuration"
+msgstr ""
+
+#: ../references/configuration.rst:7
+#: afb6641a9aa244af864832fe5e28377a
+msgid "Canaille can be configured either by a environment variables, environment file, or by a configuration file."
+msgstr ""
+
+#: ../references/configuration.rst:10
+#: 64f630215963443eb439fc9555170837
+msgid "Configuration file"
+msgstr ""
+
+#: ../references/configuration.rst:12
+#: 4dec0a2c267d431d983bff67a10565eb
+msgid "The configuration can be written in `toml` configuration file which path is passed in the :envvar:`CONFIG` environment variable."
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:11
+#: ../references/configuration.rst:14
+#: ../references/configuration.rst:85
+#: a2f425a7d72f45cfbd6a46b4dd8a9f9f
+#: 1af4b0570ada4659b6cef8e0fde5913b
+#: 262461d38ee1406cabdcb7c057b886ab
+msgid "config.toml"
+msgstr ""
+
+#: ../references/configuration.rst:26
+#: d3f0be05e30a46249a2a9b6e35010ab7
+msgid "You can have a look at the :ref:`example file <references/configuration:Example file>` for inspiration."
+msgstr ""
+
+#: ../references/configuration.rst:29
+#: 167c6ee110d3498dbcff07e2fb461fa1
+msgid "Environment variables"
+msgstr ""
+
+#: ../references/configuration.rst:31
+#: 96c443e1ad6d4387afb03fbc61cd40cf
+msgid "In addition, parameters that have not been set in the configuration file can be read from environment variables. The way environment variables are parsed can be read from the `pydantic-settings documentation <https://docs.pydantic.dev/latest/concepts/pydantic_settings/#parsing-environment-variable-values>`_."
+msgstr ""
+
+#: ../references/configuration.rst:36
+#: 22ef6ff87d78491e815bb3549e2cac1b
+msgid "For environment vars, the separator between sections and variables is a double underscore: ``__``. For instance, the ``NAME`` var in the ``CANAILLE`` section shown above is ``CANAILLE__NAME``."
+msgstr ""
+
+#: ../references/configuration.rst:40
+#: 01f42d420c644add8307d0eef66d0930
+msgid "Environment file"
+msgstr ""
+
+#: ../references/configuration.rst:42
+#: 3b0b1ca1d349437c8652af2378bf18d4
+msgid "Any environment variable can also be written in a ``.env``, and will be read if present."
+msgstr ""
+
+#: ../references/configuration.rst:44
+#: 8e6ba368bac9448a9a26b32cbc2b98d3
+msgid ".env"
+msgstr ""
+
+#: ../references/configuration.rst:62
+#: e8919384d11b4689b474121852d7691f
+msgid "Parameters"
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:1
+#: 486ab8655b5948d38adcda288a2ccc35
+msgid "The top-level namespace contains holds the configuration settings unrelated to Canaille."
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:4
+#: c2e98629ddfc4697971e8726fced5051
+msgid "The configuration paramateres from the following libraries can be used:"
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:6
+#: 926489c26ef44fc1a362cf34b981ff23
+msgid ":doc:`Flask <flask:config>`"
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:7
+#: 3d608d07342849cd91a9314c0e91ee06
+msgid ":doc:`Flask-WTF <flask-wtf:config>`"
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:8
+#: e3a176d61a77455898beeb2176f6e4bf
+msgid ":doc:`Flask-Babel <flask-babel:index>`"
+msgstr ""
+
+#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:9
+#: 2722a53bf45f40e68c55ce195bd2a92c
+msgid ":doc:`Authlib <authlib:flask/2/authorization-server>`"
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:1
+#: 71da9dadc99c484ca0930e47d422852f
+msgid "The Flask :external:py:data:`DEBUG` configuration setting."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:3
+#: 8e020bed08534b899eeb1976a43677d8
+msgid "This enables debug options."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:7
+#: b1e842b72e524591b8d841a758be14a3
+msgid "This is useful for development but should be absolutely avoided in production environments."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:1
+#: a7a884840e804de2934fc1794b5f9916
+msgid "The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration setting."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:4
+#: a75e96a48e0e41fb975f903ea3dbaf93
+msgid "This sets the url scheme by which canaille will be served."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:1
+#: a51da4634d924fcc8edb45332152d161
+msgid "The Flask :external:py:data:`SECRET_KEY` configuration setting."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:3
+#: c3b465a2b6d440298f71736437ad5ef5
+msgid "You MUST change this."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:1
+#: d5faf5b872ed40a794d5046c51fcfbd0
+msgid "The Flask :external:py:data:`SERVER_NAME` configuration setting."
+msgstr ""
+
+#: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:3
+#: ebffd9c94a524950abb6b711884ed64d
+msgid "This sets domain name on which canaille will be served."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:1
+#: cb519bb5488c429888c104503c3ad3e4
+msgid "The settings from the ``CANAILLE`` namespace."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:3
+#: 2739711892104e328cad1e98ae48d4b8
+msgid "Those are all the configuration parameters that controls the behavior of Canaille."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:1
+#: 29bfd1d0d0284b4287b9e7b5f9c36b74
+msgid "Mapping of permission groups. See :class:`ACLSettings` for more details."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:3
+#: 578bb4e7e6674f7e88646e839112a01e
+msgid "The ACL name can be freely chosen. For example::"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:1
+#: 8ee064e1a1194fa8982d08ef227da8dc
+msgid "Administration email contact."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:3
+#: 9820352fe91c4aae840232df61d25857
+msgid "In certain special cases (example : questioning about password corruption), it is necessary to provide an administration contact email."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:1
+#: 2fceb1c9ec9842158c9b9b7f1fa09168
+msgid "If :py:data:`True`, users will need to click on a confirmation link sent by email when they want to add a new email."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:4
+#: 4b471ce1ba674ea8b77f29cdf45f4b2c
+msgid "By default, this is true if ``SMTP`` is configured, else this is false. If explicitly set to true and ``SMTP`` is disabled, the email field will be read-only."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK:1
+#: bc1661ce2f9e4fe2b493c625841fece8
+msgid "If :py:data:`True`, Canaille will check if passwords appears in compromission databases such as `HIBP <https://haveibeenpwned.com>`_ when users choose a new one."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY:1
+#: e5b04d013a764712abc3a03e249e70ad
+msgid "If :py:data:`False`, then users cannot ask for a password recovery link by email."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:1
+#: 1a86268c22bd4e6fa5d5d01d9333c389
+msgid "If :py:data:`True`, then users can freely create an account at this instance."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:4
+#: 9ec23021f8bb46b1a76163da8353864a
+msgid "If email verification is available, users must confirm their email before the account is created."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:1
+#: 050e680da1dd409ba5611b49d388c236
+msgid "You favicon."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:3
+#: 44351f8a0aad4103877a89b3d773da1e
+msgid "If unset and :attr:`LOGO` is set, then the logo will be used."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:1
+#: e5d3da93787741b498df2c84a4708195
+msgid "If :py:data:`True`, when users try to sign in with an invalid login, a message is shown indicating that the password is wrong, but does not give a clue whether the login exists or not."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:5
+#: f1c78673ee1745279f8ec42cdff93cac
+msgid "If :py:data:`False`, when a user tries to sign in with an invalid login, a message is shown indicating that the login does not exist."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.HTMX:1
+#: 404e51ae5209412c97dc6fa6dea57e3c
+msgid "Accelerates webpages loading with asynchronous requests."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:1
+#: 6dba3015fe70429d9ba1bbda15533973
+msgid "The validity duration of registration invitations, in seconds."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:3
+#: b0c02fcd815f422f9c9acd2612c97346
+msgid "Defaults to 2 days."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.JAVASCRIPT:1
+#: 5802b46432cd48f6a66f5b1512d7b6e8
+msgid "Enables Javascript to smooth the user experience."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:1
+#: 142e35437b3748f8b3ac8f6b8e7240a6
+msgid "If a language code is set, it will be used for every user."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:3
+#: e338715fd61143e2a1b537adf9947e7f
+msgid "If unset, the language is guessed according to the users browser."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:1
+#: f1b6ffe918904a7e8f12478e9777189e
+msgid "Configures the logging output using the python logging configuration format:"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:3
+#: adf30d64e31649c993f97ee0f0526e50
+msgid "if :py:data:`None`, everything is logged in the standard error output the log level is :py:data:`~logging.DEBUG` if the :attr:`~canaille.app.configuration.RootSettings.DEBUG` setting is :py:data:`True`, else this is :py:data:`~logging.INFO`"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:6
+#: 947c4f81681a421ab19405abe2bcd041
+msgid "if this is a :class:`dict`, it is passed to :func:`logging.config.dictConfig`:"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:7
+#: 6cd1d5c423754618965278773dea5dff
+msgid "if this is a :class:`str`, it is expected to be a file path that will be passed to :func:`logging.config.fileConfig`"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:10
+#: 6bf518e7d17d40c885ae66018ba85818
+msgid "For example::"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.LOGO:1
+#: 1ad6c44c92f6404fa900222ae71404fd
+msgid "The logo of your organization, this is useful to make your organization recognizable on login screens."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:1
+#: 3915ce88d08d469a8797d9ac7b9e76bb
+msgid "Maximum length for user password."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:3
+#: e56397580fdc4ef9856be66e9afcd944
+msgid "There is a technical limit with passlib used by sql database of 4096 characters. If the value entered is 0 or None, or greater than 4096, then 4096 will be retained."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:1
+#: 382c57f189834a5dafe4e6a7dafac059
+msgid "Minimum length for user password."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:3
+#: 242b94d8ebc74169838056a41b468bb0
+msgid "It is possible not to set a minimum, by entering None or 0."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.NAME:1
+#: d685099921b749dabfa7766ab83cd899
+msgid "Your organization name."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.NAME:3
+#: c0b11619f38147c38e45c33bb95130cd
+msgid "Used for display purpose."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL:1
+#: 13d7b717443d4d7f8072c052e77fb9a1
+msgid "Have i been pwned api url for compromission checks."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:1
+#: 5ace1a77e6844217a9a525ba89fca4ac
+msgid "A `Sentry <https://sentry.io>`_ DSN to collect the exceptions."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:3
+#: eb2487e49bcb4c06b4b072c1bffd1b35
+msgid "This is useful for tracking errors in test and production environments."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:1
+#: a380618f79db467497998c14d0479bb5
+msgid "The settings related to SMTP and mail configuration."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:3
+#: 4e7cc4129a664eab896700ae2a531a85
+msgid "If unset, mail-related features like password recovery won't be enabled."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.THEME:1
+#: 8e154507bca34a2da6fd956bb5a4be7a
+msgid "The name of a theme in the 'theme' directory, or a path to a theme."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.THEME:3
+#: 1c6f63e8169d4d39b90cd03d21240d57
+msgid "Defaults to ``default``. Theming is done with `flask-themer <https://github.com/tktech/flask-themer>`_."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:1
+#: 64d6f680335c4994a06052b1e8926707
+msgid "The timezone in which datetimes will be displayed to the users (e.g. ``CEST``)."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:4
+#: 7fb3171a6fbd4688b6a1d5fec23ecdd6
+msgid "If unset, the server timezone will be used."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:1
+#: b4724fa923b043ad93559be1154655e7
+msgid "The SMTP configuration. Belong in the ``CANAILLE.SMTP`` namespace. If unset, mail related features will be disabled, such as mail verification or password recovery emails."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:5
+#: 347fd2955c774b188997a442e55f5c7c
+msgid "By default, Canaille will try to send mails from localhost without authentication."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:1
+#: 9423c5190b184836a8e0562f59e17cb0
+msgid "The sender for Canaille mails."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:3
+#: 5f9fe89512184352bf83dd9dc13cb400
+msgid "Some mail provider might require a valid sender address."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.HOST:1
+#: a71c5983a93846dea4f2af605ceb2964
+msgid "The SMTP host."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.LOGIN:1
+#: 09dcbcac25bd4ae4903e446424664181
+msgid "The SMTP login."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.PASSWORD:1
+#: 8ca2a76f50d94448abf6fd29360b224b
+msgid "The SMTP password."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.PORT:1
+#: bb71e9c748e54024891e1120144ecd60
+msgid "The SMTP port."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.SSL:1
+#: a1979063c4674a2d8a2c8d552096949f
+msgid "Whether to use SSL to connect to the SMTP server."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.SMTPSettings.TLS:1
+#: 1c5218d536e04654a21231a7f66ca17f
+msgid "Whether to use TLS to connect to the SMTP server."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:1
+#: 71a851e0084748b7866328b368c1e71a
+msgid "Access Control List settings. Belong in the ``CANAILLE.ACL`` namespace."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:3
+#: 02255fc1a04d4b8192d5a3b1b43d1908
+msgid "You can define access controls that define what users can do on canaille An access control consists in a :attr:`FILTER` to match users, a list of :attr:`PERMISSIONS` matched users will be able to perform, and fields users will be able to :attr:`READ` and :attr:`WRITE`. Users matching several filters will cumulate permissions."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:1
+#: 8da16abfa50940b999a4d5f409e58d74
+msgid ":attr:`FILTER` can be:"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:3
+#: d4138506b0e4483abd40a4e95406094c
+msgid ":py:data:`None`, in which case all the users will match this access control"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:4
+#: 1abd6284f39f45a492767464191f5187
+msgid "a mapping where keys are user attributes name and the values those user attribute values. All the values must be matched for the user to be part of the access control."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:7
+#: 6ba9c1bc84f04f8882ed58940ad15b0e
+msgid "a list of those mappings. If a user values match at least one mapping, then the user will be part of the access control"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:10
+#: 23744c24632a4d168f8ec678e1a3bf5d
+msgid "Here are some examples::"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:1
+#: 4078af0ed93b47c49ca31792ac5b97c5
+msgid "A list of :class:`Permission` users in the access control will be able to manage. For example::"
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.READ:1
+#: 73365747e42042caa220e123de8845d4
+msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to read."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.ACLSettings.WRITE:1
+#: bd69e48c329248e69a6852bbd6a73d08
+msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to edit."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:1
+#: 66b3d6aa06174799a1e83949b252b22b
+msgid "The permissions that can be assigned to users."
+msgstr ""
+
+#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:3
+#: d2e7535abbbc43d2ad09d62291a30297
+msgid "The permissions are intended to be used in :attr:`ACLSettings <canaille.core.configuration.ACLSettings.PERMISSIONS>`."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:1
+#: bf8bae1371be4200b76be25da42673fa
+msgid "Allows users to delete their account."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:3
+#: 8da238231ec845cc82ed303bc585edc0
+msgid "If used with :attr:`~canaille.core.configuration.Permission.MANAGE_USERS`, users can delete any account."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.EDIT_SELF:1
+#: 39bc9c236e2d43568deca0a4d8863c0e
+msgid "Allows users to edit their own profile."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.IMPERSONATE_USERS:1
+#: eb90e06ddce8426a87f4a877427b7411
+msgid "Allows users to take the identity of another user."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.MANAGE_GROUPS:1
+#: 4ce3c4ee68704259b6bfc08335c381a6
+msgid "Allows group edition and creation."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.MANAGE_OIDC:1
+#: ec06504cced4488d8ffd138e5119a370
+msgid "Allows OpenID Connect client managements."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.MANAGE_USERS:1
+#: a15d00d9eb474b1491db47819306715c
+msgid "Allows other users management."
+msgstr ""
+
+#: ../../docstring of canaille.core.configuration.Permission.USE_OIDC:1
+#: f48a8f942231472ea57ad0634ef23ab4
+msgid "Allows OpenID Connect authentication."
+msgstr ""
+
+#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:1
+#: 1cf02f0bdf124960b8cb0d8741b19077
+msgid "OpenID Connect settings."
+msgstr ""
+
+#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:3
+#: f81414e07e2b40379d4a869caa971765
+msgid "Belong in the ``CANAILLE_OIDC`` namespace."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:1
+#: b385519bdeb94fc1b0c241a26ffa10b4
+msgid "Whether a token is needed for the RFC7591 dynamical client registration."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:3
+#: 1394e8b1482d48eb83e3b83d0c9fedd6
+msgid "If :py:data:`True`, no token is needed to register a client. If :py:data:`False`, dynamical client registration needs a token defined in :attr:`DYNAMIC_CLIENT_REGISTRATION_TOKENS`."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_TOKENS:1
+#: 7066265898154e20a5b50d8fba161b04
+msgid "A list of tokens that can be used for dynamic client registration."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.OIDCSettings.JWT:1
+#: d629635ccc9c4e0099fe8cbec07df497
+msgid "JSON Web Token settings."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:1
+#: 44bed0d7fc604d6bb0797836f3a28d63
+msgid "Force the nonce exchange during the authentication flows."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:3
+#: 894924bff0764b1e9aed9f5399d32fd9
+msgid "This adds security but may not be supported by all clients."
+msgstr ""
+
+#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:1
+#: 923a6ec2411143d08c5502134f1622de
+msgid "JSON Web Token settings. Belong in the ``CANAILLE_OIDC.JWT`` namespace."
+msgstr ""
+
+#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:3
+#: 2c22c86a44084df0889ccb862da2c593
+msgid "You can generate a RSA keypair with::"
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.ALG:1
+#: a39536bb26fc47d688e2a8f58b2b9b34
+msgid "The key algorithm."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.EXP:1
+#: c2101e05e83740f58d59dbadb3190147
+msgid "The time the JWT will be valid, in seconds."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.ISS:1
+#: d05b86845777404cac5d7e25f6b4fd7a
+msgid "The URI of the identity provider."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.KTY:1
+#: 978dc3cd74ed41d380ef579824b768d3
+msgid "The key type."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:1
+#: b07fad4012c04549b9014376e8973080
+msgid "The private key."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:3
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:3
+#: 11bc180445ad4c9e83ad18ee61b19b5b
+#: f647de58457043d6bf1254041b232459
+msgid "If :py:data:`None` and debug mode is enabled, then an in-memory key will be used."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:1
+#: ea693f1143e346b5a1707e501b4612c1
+msgid "The public key."
+msgstr ""
+
+#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:1
+#: 3f37afeb4ba944f1893abd9a4bf24c82
+msgid "Mapping between the user model and the JWT fields."
+msgstr ""
+
+#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:3
+#: d6d5e13e76374c7c91fad5594b994abe
+msgid "Fields are evaluated with jinja. A ``user`` var is available."
+msgstr ""
+
+#: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:1
+#: 18dbb46c974e490da7044bb55c57a8b4
+msgid "Settings related to the SQL backend."
+msgstr ""
+
+#: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:3
+#: ac8f095c73d94a9eb610a6a877f56323
+msgid "Belong in the ``CANAILLE_SQL`` namespace."
+msgstr ""
+
+#: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:1
+#: 657ca5834898413aada92c21e870127b
+msgid "The SQL server URI. For example::"
+msgstr ""
+
+#: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:1
+#: eb2efa5097154602b3712c16331eb618
+msgid "Settings related to the LDAP backend."
+msgstr ""
+
+#: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:3
+#: b9b407b8429e4c6db8ff909834398889
+msgid "Belong in the ``CANAILLE_LDAP`` namespace."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_DN:1
+#: 73e722b3fe3740e2bb04a67dd1396814
+msgid "The LDAP bind DN."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_PW:1
+#: 06730a32df8d44f2a1708565fd514032
+msgid "The LDAP bind password."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:1
+#: ccd8fe02e0da48349bc7c22960ab400a
+msgid "The LDAP node under which groups will be looked for and saved."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:3
+#: f5e60ac6241b4d988e17fb66c5ed8fa8
+msgid "For instance `\"ou=groups,dc=mydomain,dc=tld\"`."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_CLASS:1
+#: df9cbdb25acd4c6cb9b940028c470f70
+msgid "The object class to use for creating new groups."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_NAME_ATTRIBUTE:1
+#: cd8d5769aea049e9a097a71d8e78705b
+msgid "The attribute to use to identify a group."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_RDN:1
+#: bbdd9122975a422d97bbb1124775f483
+msgid "The attribute to identify an object in the Group DN."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.ROOT_DN:1
+#: 9ec0421dc6d146aa9deb878b8b74c310
+msgid "The LDAP root DN."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.TIMEOUT:1
+#: 18aa1e3fda9044ffb3ec7c5b66eb927f
+msgid "The LDAP connection timeout."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.URI:1
+#: 5e5f46a65b914960bee9cab8c1ed8295
+msgid "The LDAP server URI."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:1
+#: 37e84f4b6c9a4f2aac524b211eec92a2
+msgid "The LDAP node under which users will be looked for and saved."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:3
+#: 865d8a39af0c4081a0e5efbdb093e64d
+msgid "For instance `ou=users,dc=mydomain,dc=tld`."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_CLASS:1
+#: f2a1aa79a096443b82bf75ffed902328
+msgid "The object class to use for creating new users."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:1
+#: d2867ad1a2cf42b6834d173c1596fb11
+msgid "Filter to match users on sign in."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:3
+#: 7eb49bc6bd41495cb8703166a9142961
+msgid "For instance ``(|(uid={{ login }})(mail={{ login }}))``. Jinja syntax is supported and a ``login`` variable is available, containing the value passed in the login field."
+msgstr ""
+
+#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_RDN:1
+#: 1b1a300a828f46248b0c26e37cc00c26
+msgid "The attribute to identify an object in the User DN."
+msgstr ""
+
+#: ../references/configuration.rst:81
+#: 6a9df3aff9164276819573e73de3cf28
+msgid "Example file"
+msgstr ""
+
+#: ../references/configuration.rst:83
+#: 9f661407953e4eceaf59f39040594f94
+msgid "Here is a configuration file example:"
+msgstr ""
diff --git a/doc/gettext/references/index.pot b/doc/gettext/references/index.pot
new file mode 100644
index 00000000..dcb0ddcb
--- /dev/null
+++ b/doc/gettext/references/index.pot
@@ -0,0 +1,22 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../references/index.rst:2
+#: 7e0a9ca5df284cb4aefaaa69849afa67
+msgid "References"
+msgstr ""
diff --git a/doc/gettext/references/models.pot b/doc/gettext/references/models.pot
new file mode 100644
index 00000000..4e82529f
--- /dev/null
+++ b/doc/gettext/references/models.pot
@@ -0,0 +1,632 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../references/models.rst:2
+#: 41a7dc7b250e480db46d41e3aee22ad1
+msgid "Data models"
+msgstr ""
+
+#: ../references/models.rst:4
+#: 1b1a39298a8748d695327d8c3205861e
+msgid "This reference details the data models used by Canaille. This is mostly useful for developers."
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1
+#: 5dfedb2673a34cffab2636c959e69517
+#: 180db8c2a5484efcaaedab0d0259893c
+msgid "Bases: :py:class:`object`"
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1
+#: 054dc8cb64204518901c6f741d0a78db
+msgid "The backend model abstract class."
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:3
+#: d5425365fe8544d99d250bc36f79a9b9
+msgid "It details all the methods and attributes that are expected to be implemented for every model and for every backend."
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1
+#: eed98eef84344fa8a1dfa96630a2308d
+msgid "The model abstract class."
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:3
+#: e45bdfd99f954f4c8fc3dc213443ff33
+msgid "It details all the common attributes shared by every models."
+msgstr ""
+
+#: ../../docstring of canaille.backends.models.Model.created:1
+#: 499d3761712a4423ada0b6c9e7336b9d
+msgid "The :class:`~datetime.datetime` that the resource was added to the service provider."
+msgstr ""
+
+#: ../../docstring of canaille.backends.models.Model.id:1
+#: eb26542ddccf459bbd8179d12e546226
+msgid "A unique identifier for a SCIM resource as defined by the service provider. Id will be :py:data:`None` until the :meth:`~canaille.backends.models.BackendModel.save` method is called."
+msgstr ""
+
+#: ../../docstring of canaille.backends.models.Model.id:5
+#: 99a3ebf8e2f0425f8f6b2cb0fd43b1aa
+msgid "Each representation of the resource MUST include a non-empty \"id\" value.  This identifier MUST be unique across the SCIM service provider's entire set of resources.  It MUST be a stable, non- reassignable identifier that does not change when the same resource is returned in subsequent requests.  The value of the \"id\" attribute is always issued by the service provider and MUST NOT be specified by the client.  The string \"bulkId\" is a reserved keyword and MUST NOT be used within any unique identifier value.  The attribute characteristics are \"caseExact\" as \"true\", a mutability of \"readOnly\", and a \"returned\" characteristic of \"always\".  See Section 9 for additional considerations regarding privacy."
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:1
+#: d3ab1a41021449649f7fc65d7faa4b5a
+msgid "Returns a unique value that will be used to identify the model instance."
+msgstr ""
+
+#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:4
+#: 730b5beedf3345e7a1f3c9152b471d76
+msgid "This value will be used in URLs in canaille, so it should be unique and short."
+msgstr ""
+
+#: ../../docstring of canaille.backends.models.Model.last_modified:1
+#: 6654492d947545cf99532d0bc78c607d
+msgid "The most recent :class:`~datetime.datetime` that the details of this resource were updated at the service provider."
+msgstr ""
+
+#: ../../docstring of canaille.backends.models.Model.last_modified:4
+#: a06610bf90c745bf97d7332606ee3e14
+msgid "If this resource has never been modified since its initial creation, the value MUST be the same as the value of :attr:`~canaille.backends.models.Model.created`."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.Group:1
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User:1
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.AuthorizationCode:1
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1
+#: 25aac7c6a4de47149abecdba2643cf16
+#: 2fcb719579614323832335e883920d06
+#: 9fcbd7a341574bb0a12735c80577678c
+#: e686b323e13d49108d090d0ccec91b95
+#: a2f9ebd1047445d68a4211e9f7e7939d
+#: 474767a737ea4abeb51431231c5eeecd
+msgid "Bases: :py:class:`~canaille.backends.models.Model`"
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.Group:1
+#: 75d84fdf9b3e4d40a7388fde78daf7d4
+msgid "User model, based on the `SCIM Group schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.Group.display_name:1
+#: b34781220a204e858e24409b1a1059c7
+msgid "A human-readable name for the Group."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.Group.display_name:3
+#: ../../docstring of canaille.oidc.basemodels.Client.client_id:1
+#: 08b43e57fa894ae3b6317cc37297342c
+#: 48449512919d4b3ab2aa12fe6c48a3f4
+msgid "REQUIRED."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.Group.members:1
+#: 6028207848c745e381bd6946ce2d276d
+msgid "A list of members of the Group."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.Group.members:3
+#: f75ea88690b0435a917de111ae26b22b
+msgid "While values MAY be added or removed, sub-attributes of members are \"immutable\".  The \"value\" sub-attribute contains the value of an \"id\" attribute of a SCIM resource, and the \"$ref\" sub-attribute must be the URI of a SCIM resource such as a \"User\", or a \"Group\".  The intention of the \"Group\" type is to allow the service provider to support nested groups.  Service providers MAY require clients to provide a non-empty value by setting the \"required\" attribute characteristic of a sub-attribute of the \"members\" attribute in the \"Group\" resource schema."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User:1
+#: 539d0e7b4b0143c39c76c5e9ef16bd86
+msgid "User model, based on the `SCIM User schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_, `Entreprise User Schema Extension <https://datatracker.ietf.org/doc/html/rfc7643#section-4.3>`_ and `SCIM Password Management Extension <https://datatracker.ietf.org/doc/html/draft-hunt-scim-password-mgmt-00.html>`_ draft. Attribute description is based on SCIM and put there for information purpose. The description may not fit the current implementation in Canaille."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User.can:1
+#: 87eda29a61a745199883fc289a13c314
+msgid "Whether or not the user has the :class:`~canaille.core.configuration.Permission` according to the :class:`configuration <canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.department:1
+#: c2e676f9335f408ab8318ffd79b0aa8a
+msgid "Identifies the name of a department."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.display_name:1
+#: 5881ae5858d447058eca54d075e1799a
+msgid "The name of the user, suitable for display to end-users."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.display_name:3
+#: 270a39dc6d7f49b49f5e21b2048c6c9a
+msgid "Each user returned MAY include a non-empty displayName value.  The name SHOULD be the full name of the User being described, if known (e.g., \"Babs Jensen\" or \"Ms. Barbara J Jensen, III\") but MAY be a username or handle, if that is all that is available (e.g., \"bjensen\").  The value provided SHOULD be the primary textual label by which this User is normally displayed by the service provider when presenting it to end-users."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.emails:1
+#: 8cb604df1a19481284ee1359685e6af0
+msgid "Email addresses for the User."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.emails:3
+#: cf1562e8f9334a6f9f9d1d8ed7fad99f
+msgid "The value SHOULD be specified according to [RFC5321].  Service providers SHOULD canonicalize the value according to [RFC5321], e.g., \"bjensen@example.com\" instead of \"bjensen@EXAMPLE.COM\".  The \"display\" sub-attribute MAY be used to return the canonicalized representation of the email value. The \"type\" sub-attribute is used to provide a classification meaningful to the (human) user.  The user interface should encourage the use of basic values of \"work\", \"home\", and \"other\" and MAY allow additional type values to be used at the discretion of SCIM clients."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.employee_number:1
+#: 636ed55260c74feeacbf312e64f05846
+msgid "A string identifier, typically numeric or alphanumeric, assigned to a person, typically based on order of hire or association with an organization."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.family_name:1
+#: 64675e899765403b9e7f5f7e20b6a4d4
+msgid "The family name of the User, or last name in most Western languages (e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.formatted_address:1
+#: d7bc625574aa4a92922b80a678dd2603
+msgid "The full mailing address, formatted for display or use with a mailing label."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.formatted_address:4
+#: 7b5cfe72fe824e41acc01e5b12836c38
+msgid "This attribute MAY contain newlines."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.formatted_name:1
+#: 3a0ffada2e8445b28acbba22cc25b66c
+msgid "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.given_name:1
+#: 61ce490296b54da7ae1b542c1f705d86
+msgid "The given name of the User, or first name in most Western languages (e.g., \"Barbara\" given the full name \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.groups:1
+#: 690f1b154c004cd4b73b9f3942abe467
+msgid "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.groups:4
+#: 2eb7b172e9b244b784e9be7ae251f62c
+msgid "The values are meant to enable expression of common group-based or role-based access control models, although no explicit authorization model is defined.  It is intended that the semantics of group membership and any behavior or authorization granted as a result of membership are defined by the service provider.  The canonical types \"direct\" and \"indirect\" are defined to describe how the group membership was derived.  Direct group membership indicates that the user is directly associated with the group and SHOULD indicate that clients may modify membership through the \"Group\" resource. Indirect membership indicates that user membership is transitive or dynamic and implies that clients cannot modify indirect group membership through the \"Group\" resource but MAY modify direct group membership through the \"Group\" resource, which may influence indirect memberships.  If the SCIM service provider exposes a \"Group\" resource, the \"value\" sub-attribute MUST be the \"id\", and the \"$ref\" sub-attribute must be the URI of the corresponding \"Group\" resources to which the user belongs.  Since this attribute has a mutability of \"readOnly\", group membership changes MUST be applied via the \"Group\" Resource (Section 4.2).  This attribute has a mutability of \"readOnly\"."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User.has_password:1
+#: 40ee4db8c45f4003bb48204deb440d98
+msgid "Check whether a password has been set for the user."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.locality:1
+#: 3512695046244d34b61291df0b2982f7
+msgid "The city or locality component."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.lock_date:1
+#: 31216009e3274f90bb09e07a3c667ccd
+msgid "A DateTime indicating when the resource was locked."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User.locked:1
+#: 1c62d35ba0c44d53870acd58383ae845
+msgid "Whether the user account has been locked or has expired."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.organization:1
+#: 9e66d1ff732c4c9498199b3cd30133c2
+msgid "Identifies the name of an organization."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:1
+#: dc7683784aaf49ad82908015dddc3327
+msgid "This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password.  The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider.  If a service provider holds the value locally, the value SHOULD be hashed.  When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows:"
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:9
+#: 75d933d5170e459d871c082acdc18867
+msgid "Prepare the cleartext value for international language comparison.  See Section 7.8 of [RFC7644]."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:12
+#: 8448f08bb8d94e489d01759c44573b27
+msgid "Validate the value against server password policy.  Note: The definition and enforcement of password policy are beyond the scope of this document."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:16
+#: c21e45acd3eb4c948f20fad79c2589fb
+msgid "Ensure that the value is encrypted (e.g., hashed).  See Section 9.2 for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:20
+#: 71a63d1b1da4473aab7849d83bae865d
+msgid "A service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)).  If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:28
+#: 6e667adf52f041cd91027ad22ec29e79
+msgid "Testing for an equality match MAY be supported if there is an existing stored hashed value.  When testing for equality, the service provider:"
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:32
+#: c5b24096ff7b4a70982efaf2b4a590a0
+msgid "Prepares the filter value for international language comparison.  See Section 7.8 of [RFC7644]."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:35
+#: a01917d7f406402aae04d9fab29cce1f
+msgid "Generates the salted hash of the filter value and tests for a match with the locally held value."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.password:38
+#: d014072927a8489c959cf01f30a02e52
+msgid "The mutability of the password attribute is \"writeOnly\", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic \"returned\" is \"never\")."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.phone_numbers:1
+#: 22dabe92b12f42999acc57125936d9a4
+msgid "Phone numbers for the user."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.phone_numbers:3
+#: 4e9f962969504e419f1ee1e42018b7e3
+msgid "The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'.  Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate.  The \"display\" sub-attribute MAY be used to return the canonicalized representation of the phone number value.  The sub- attribute \"type\" often has typical values of \"work\", \"home\", \"mobile\", \"fax\", \"pager\", and \"other\" and MAY allow more types to be defined by the SCIM clients."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.photo:1
+#: 8a1be24639d748fbb92e9026057c6108
+msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.photo:5
+#: 3c9a2c89c2e144e4a8e3a549099a0afc
+msgid "The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather than a web page containing an image.  Service providers MAY return the same image in different sizes, although it is recognized that no standard for describing images of various sizes currently exists.  Note that this attribute SHOULD NOT be used to send down arbitrary photos taken by this user; instead, profile photos of the user that are suitable for display when describing the user should be sent. Instead of the standard canonical values for type, this attribute defines the following canonical values to represent popular photo sizes: \"photo\" and \"thumbnail\"."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.postal_code:1
+#: b8fd039fd49448fb8a1f2602864cdb31
+msgid "The zip code or postal code component."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.preferred_language:1
+#: 78cc188b2ee94614ab5e68931c93b5e4
+msgid "Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.preferred_language:4
+#: e957b1c5b5a0404d887870c7cb30361e
+msgid "The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including \"Accept-Language:\") and is specified in Section 5.3.5 of [RFC7231].  The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.profile_url:1
+#: 076f48982818474ca185bbb7ecc083bf
+msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page)."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.profile_url:5
+#: 850461e9fb3b4d709fcf76dd09c142b0
+msgid "URIs are canonicalized per Section 6.2 of [RFC3986]."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:1
+#: b97df5cf09a748e79ea9971b8dba39d1
+msgid "The fields the user can read according to the :class:`configuration <canaille.core.configuration.ACLSettings>` configuration."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:4
+#: b76c15b84378406fbc1249573072e5ca
+msgid "This does not include the :attr:`writable <canaille.core.models.User.writable_fields>` fields."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.region:1
+#: 082b19222f8f4e25a4aa0aa0ecba0929
+msgid "The state or region component."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.street:1
+#: 2c8f12c4f115443998f8cd1e22299be9
+msgid "The full street address component, which may include house number, street name, P.O."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.street:4
+#: aba448bfd8da42758924353149dadc87
+msgid "box, and multi-line extended street address information.  This attribute MAY contain newlines."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.title:1
+#: 62e0f8e9c68a4ecfac80add78ccd7142
+msgid "The user's title, such as \"Vice President\"."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.user_name:1
+#: 293d739a09e94a099259ed4650bae8ac
+msgid "A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider."
+msgstr ""
+
+#: ../../docstring of canaille.core.models.User.user_name:4
+#: c13edd0588bc4f9d991306cdfd54d80a
+msgid "Often displayed to the user as their unique identifier within the system (as opposed to \"id\" or \"externalId\", which are generally opaque and not user-friendly identifiers).  Each User MUST include a non-empty userName value.  This identifier MUST be unique across the service provider's entire set of Users.  This attribute is REQUIRED and is case insensitive."
+msgstr ""
+
+#: ../../canaille/core/models.py:docstring of canaille.core.models.User.writable_fields:1
+#: bce25550d966456fb325f488d3989446
+msgid "The fields the user can write according to the :class:`configuration <canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.AuthorizationCode:1
+#: edd3de5bfc4d4ae881494d6ba9e94342
+msgid "OpenID Connect temporary authorization code definition."
+msgstr ""
+
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1
+#: 8e9b301343f149de94a1d40e8b591125
+msgid "OpenID Connect client definition, based on the `OAuth 2.0 Dynamic Client Registration protocols <https://datatracker.ietf.org/doc/html/rfc7591.html>`_ and the `OpenID Connect RP-Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_ specifications."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_id:3
+#: e45f4fee2fdb46e7bb31460fddf3400a
+msgid "OAuth 2.0 client identifier string.  It SHOULD NOT be currently valid for any other registered client, though an authorization server MAY issue the same client identifier to multiple instances of a registered client at its discretion."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:1
+#: ../../docstring of canaille.oidc.basemodels.Client.client_secret:1
+#: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:1
+#: c9328ff136fb490cb6810fd738cd32c3
+#: 7e4168f5eef24ce7a0fdfcd1a34ac0b1
+#: 1ea64fb459e343a58a8c09ffb8fb046c
+msgid "OPTIONAL."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:3
+#: 673ada2798054ac5aaceccb2e11fa62c
+msgid "Time at which the client identifier was issued.  The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of issuance."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_name:1
+#: 884645dd183e4deaacd7b26efbeae4b0
+msgid "Human-readable string name of the client to be presented to the end-user during authorization."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_name:4
+#: e71d8bfba20a4451bf78c67859250e85
+msgid "If omitted, the authorization server MAY display the raw \"client_id\" value to the end-user instead.  It is RECOMMENDED that clients always send this field. The value of this field MAY be internationalized, as described in Section 2.2."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_secret:3
+#: 317b9d7d12754d8e81ccdbdbb69027a3
+msgid "OAuth 2.0 client secret string.  If issued, this MUST be unique for each \"client_id\" and SHOULD be unique for multiple instances of a client using the same \"client_id\".  This value is used by confidential clients to authenticate to the token endpoint, as described in OAuth 2.0 [RFC6749], Section 2.3.1."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:1
+#: 4e7d6ee56b7d4f3ba2bdda60e9a8428c
+msgid "REQUIRED if \"client_secret\" is issued."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:3
+#: 7eff790c6fed4a40b4afbf0c48e8f9b7
+msgid "Time at which the client secret will expire or 0 if it will not expire.  The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_uri:1
+#: c808c4be36474628b978c4f87622d9bb
+msgid "URL string of a web page providing information about the client."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.client_uri:3
+#: eadc2f25087d476fb020f699c9f630c0
+msgid "If present, the server SHOULD display this URL to the end-user in a clickable fashion.  It is RECOMMENDED that clients always send this field.  The value of this field MUST point to a valid web page.  The value of this field MAY be internationalized, as described in Section 2.2."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.contacts:1
+#: b2ba960845ec4d37955854ef04ff3439
+msgid "Array of strings representing ways to contact people responsible for this client, typically email addresses."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.contacts:4
+#: f16aba83e47541b9a0a1b9fb36d5ebbd
+msgid "The authorization server MAY make these contact addresses available to end-users for support requests for the client.  See Section 6 for information on Privacy Considerations."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:1
+#: 9279cc2620e247239620ce27cc3f25be
+msgid "Array of OAuth 2.0 grant type strings that the client can use at the token endpoint.  These grant types are defined as follows:"
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:4
+#: 3531d80222174772b72c7d0365ae585b
+msgid "\"authorization_code\": The authorization code grant type defined in OAuth 2.0, Section 4.1."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:7
+#: 700823977a854c0ab4b31683d3537526
+msgid "\"implicit\": The implicit grant type defined in OAuth 2.0, Section 4.2."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:10
+#: 9edafc4daf7d495d91ad5c3e3945373f
+msgid "\"password\": The resource owner password credentials grant type defined in OAuth 2.0, Section 4.3."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:13
+#: 606dd7b652ee432db4df96731cb74c83
+msgid "\"client_credentials\": The client credentials grant type defined in OAuth 2.0, Section 4.4."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:16
+#: e89ed9beba1c4bad87c8debcb3a6f7ea
+msgid "\"refresh_token\": The refresh token grant type defined in OAuth 2.0, Section 6."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:19
+#: 278f7b5438fc4abba32e99a2cfd051e0
+msgid "\"urn:ietf:params:oauth:grant-type:jwt-bearer\": The JWT Bearer Token Grant Type defined in OAuth JWT Bearer Token Profiles [RFC7523]."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:23
+#: f6d6e6c6e6fd4d059f4414322c5b2816
+msgid "\"urn:ietf:params:oauth:grant-type:saml2-bearer\": The SAML 2.0 Bearer Assertion Grant defined in OAuth SAML 2 Bearer Token Profiles [RFC7522]."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:27
+#: df3a20a122e44a0f85ff153097c75299
+msgid "If the token endpoint is used in the grant type, the value of this parameter MUST be the same as the value of the \"grant_type\" parameter passed to the token endpoint defined in the grant type definition.  Authorization servers MAY allow for other values as defined in the grant type extension process described in OAuth 2.0, Section 4.5.  If omitted, the default behavior is that the client will use only the \"authorization_code\" Grant Type."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.jwk:1
+#: b28be1904349499bbb8a81a044e4d67d
+msgid "Client's JSON Web Key Set [RFC7517] document value, which contains the client's public keys."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.jwk:4
+#: f70ddda717154155a67fd9257f4e2a29
+msgid "The value of this field MUST be a JSON object containing a valid JWK Set.  These keys can be used by higher-level protocols that use signing or encryption.  This parameter is intended to be used by clients that cannot use the \"jwks_uri\" parameter, such as native clients that cannot host public URLs.  The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:1
+#: e77c6d704ba34b1a8ae9191a549fc105
+msgid "URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:4
+#: 07c3977b5cc6478582c40bfda3818dca
+msgid "The value of this field MUST point to a valid JWK Set document. These keys can be used by higher-level protocols that use signing or encryption.  For instance, these keys might be used by some applications for validating signed requests made to the token endpoint when using JWTs for client authentication [RFC7523].  Use of this parameter is preferred over the \"jwks\" parameter, as it allows for easier key rotation.  The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:1
+#: 1e78b0b24ba74fce9796a178d03f9a68
+msgid "URL string that references a logo for the client."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:3
+#: 8047900a37a946c5819126e4d5b1a6f2
+msgid "If present, the server SHOULD display this image to the end-user during approval. The value of this field MUST point to a valid image file.  The value of this field MAY be internationalized, as described in Section 2.2."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:1
+#: 196ad277ca0d48e39e3b050fbd6c7420
+msgid "URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:5
+#: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:5
+#: 44ffb5b8755147ffa444c857bb4cb9d7
+#: ccc2d89b967b4e17a53b8ac2c26b263f
+msgid "The authorization server SHOULD display this URL to the end-user if it is provided.  The value of this field MUST point to a valid web page.  The value of this field MAY be internationalized, as described in Section 2.2."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:3
+#: 40a2fe5d5daf49c184873ddddffa1893
+msgid "Array of URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0 [RFC6749], and provided the OP allows the use of http RP URIs."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:1
+#: 9a28211e567845cbba7ac1bee6666f4a
+msgid "Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:4
+#: 2afba64218f040f1989433931c19d5e1
+msgid "As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.response_types:1
+#: 89ed3097a94f43dc83b564e94b3179f7
+msgid "Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.  These response types are defined as follows:"
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.response_types:5
+#: f58fbc4e912f4a07910f7dde4deb4886
+msgid "\"code\": The authorization code response type defined in OAuth 2.0, Section 4.1."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.response_types:8
+#: ea813f0274b44fe2a03e1215606dcca0
+msgid "\"token\": The implicit response type defined in OAuth 2.0, Section 4.2."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.response_types:11
+#: e855edc4d7984aa68dd8bd2609bd4925
+msgid "If the authorization endpoint is used by the grant type, the value of this parameter MUST be the same as the value of the \"response_type\" parameter passed to the authorization endpoint defined in the grant type definition.  Authorization servers MAY allow for other values as defined in the grant type extension process is described in OAuth 2.0, Section 4.5.  If omitted, the default is that the client will use only the \"code\" response type."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.scope:1
+#: 203b6265a65f43678bd3525158d35ed5
+msgid "String containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.scope:5
+#: ccb3e8902413435da8ef2b347ee6f524
+msgid "The semantics of values in this list are service specific.  If omitted, an authorization server MAY register a client with a default set of scopes."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.software_id:1
+#: 1c3a6b1855e6484286e2a7ead64545ca
+msgid "A unique identifier string (e.g., a Universally Unique Identifier (UUID)) assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.software_id:6
+#: 92bca122a33f4ad2aa156a357d7abbc9
+msgid "Unlike \"client_id\", which is issued by the authorization server and SHOULD vary between instances, the \"software_id\" SHOULD remain the same for all instances of the client software.  The \"software_id\" SHOULD remain the same across multiple updates or versions of the same piece of software.  The value of this field is not intended to be human readable and is usually opaque to the client and authorization server."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.software_version:1
+#: 7b41f56df51642a99f7bdbaf40269981
+msgid "A version identifier string for the client software identified by \"software_id\"."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.software_version:4
+#: 02558244f5a141e193400a177f45b84e
+msgid "The value of the \"software_version\" SHOULD change on any update to the client software identified by the same \"software_id\".  The value of this field is intended to be compared using string equality matching and no other comparison semantics are defined by this specification.  The value of this field is outside the scope of this specification, but it is not intended to be human readable and is usually opaque to the client and authorization server.  The definition of what constitutes an update to client software that would trigger a change to this value is specific to the software itself and is outside the scope of this specification."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:1
+#: e508c45da1ae48f19b7ee8441976c669
+msgid "String indicator of the requested authentication method for the token endpoint.  Values defined by this specification are:"
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:4
+#: 8a3f3b84f62b4438a5ed5fbb9e98bef5
+msgid "\"none\": The client is a public client as defined in OAuth 2.0, Section 2.1, and does not have a client secret."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:7
+#: 0a2a945397264911947f1eb4e8591bbf
+msgid "\"client_secret_post\": The client uses the HTTP POST parameters as defined in OAuth 2.0, Section 2.3.1."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:10
+#: 3852640761c84dbfb1e94502c59cd753
+msgid "\"client_secret_basic\": The client uses HTTP Basic as defined in OAuth 2.0, Section 2.3.1."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:13
+#: e1a40f43702c4916bcfa4584c26611ea
+msgid "Additional values can be defined via the IANA \"OAuth Token Endpoint Authentication Methods\" registry established in Section 4.2.  Absolute URIs can also be used as values for this parameter without being registered.  If unspecified or omitted, the default is \"client_secret_basic\", denoting the HTTP Basic authentication scheme as specified in Section 2.3.1 of OAuth 2.0."
+msgstr ""
+
+#: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:1
+#: a6cd2971183b42bcbb8e50649d19fc7e
+msgid "URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client."
+msgstr ""
+
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1
+#: 5b6f0884f0fa40aa8a74cc3a3553d88f
+msgid "Long-term user consent to an application."
+msgstr ""
+
+#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1
+#: 0536543f92654e49b7a69b057d076a38
+msgid "OpenID Connect token definition."
+msgstr ""
diff --git a/doc/gettext/tutorial/databases.pot b/doc/gettext/tutorial/databases.pot
new file mode 100644
index 00000000..c00b9e12
--- /dev/null
+++ b/doc/gettext/tutorial/databases.pot
@@ -0,0 +1,153 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../tutorial/databases.rst:2
+#: 527d8f3cbe0a441abe4e66c3c3a8e45b
+msgid "Databases"
+msgstr ""
+
+#: ../tutorial/databases.rst:4
+#: 7ba0b9a14fce436595c5ebde78aae946
+msgid "Canaille can read and save data in different databases. This page presents the different database backends and their specificities:"
+msgstr ""
+
+#: ../tutorial/databases.rst:8
+#: 79cee50c147545ce9bdac814bcfe8609
+msgid "Memory"
+msgstr ""
+
+#: ../tutorial/databases.rst:10
+#: e3f9746afd40417e9b6324eb9feed900
+msgid "Canaille comes with a lightweight inmemory backend by default. It is used when no other backend has been configured."
+msgstr ""
+
+#: ../tutorial/databases.rst:13
+#: c99976af30a84dd88144af1f94fa4f1f
+msgid "This backend is only for test purpose and should not be used in production environments."
+msgstr ""
+
+#: ../tutorial/databases.rst:16
+#: 2cc56bb5b80e44acbf72f33c06b160ac
+msgid "SQL"
+msgstr ""
+
+#: ../tutorial/databases.rst:18
+#: 810f5fc5e5c44da2aeed71b98964cdb5
+msgid "Canaille can use any database supported by `SQLAlchemy <https://www.sqlalchemy.org/>`_, such as sqlite, postgresql or mariadb."
+msgstr ""
+
+#: ../tutorial/databases.rst:21
+#: 2bc43b31141a40ee931dd4dccb78072b
+msgid "It is used when the ``CANAILLE_SQL`` configuration parameter is defined. For instance:"
+msgstr ""
+
+#: ../tutorial/databases.rst:23
+#: ../tutorial/databases.rst:37
+#: 4c8504504a3647198afac5c8d87813f7
+#: 196b09a796c04d4b9066bd463f5e239b
+msgid "config.toml"
+msgstr ""
+
+#: ../tutorial/databases.rst:29
+#: 05c9a85af5f04ad08741ff83efa7a3a0
+msgid "You can find more details on the SQL configuration in the :class:`dedicated section <canaille.backends.sql.configuration.SQLSettings>`."
+msgstr ""
+
+#: ../tutorial/databases.rst:32
+#: 91a683cbbdc745549e37499598c1aa4a
+msgid "LDAP"
+msgstr ""
+
+#: ../tutorial/databases.rst:34
+#: 0dcba883340c4f67b21d69b9f9078c48
+msgid "Canaille can use OpenLDAP as its main database. It is used when the ``CANAILLE_LDAP`` configuration parameter is defined. For instance:"
+msgstr ""
+
+#: ../tutorial/databases.rst:52
+#: 90ed3908de454594b1e76e5725056c81
+msgid "You can find more details on the LDAP configuration in the :class:`dedicated section <canaille.backends.ldap.configuration.LDAPSettings>`."
+msgstr ""
+
+#: ../tutorial/databases.rst:55
+#: 2c43e9f79276492c84248e35508188a9
+msgid "Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome."
+msgstr ""
+
+#: ../tutorial/databases.rst:60
+#: ad13059a843e41ceb3d105e609722063
+msgid "OpenLDAP overlays integration"
+msgstr ""
+
+#: ../tutorial/databases.rst:62
+#: 4574a3d570f04d96a49722ff77c2695a
+msgid "Canaille can integrate with several OpenLDAP overlays:"
+msgstr ""
+
+#: ../tutorial/databases.rst:65
+#: 4dd1354faaac48559deae338b4f090b5
+msgid "memberof / refint"
+msgstr ""
+
+#: ../tutorial/databases.rst:67
+#: 0439ad64ecb844fdaa1737a3c9e473cc
+msgid "`memberof <https://www.openldap.org/doc/admin26/overlays.html#Reverse%20Group%20Membership%20Maintenance>`_ and `refint <https://www.openldap.org/doc/admin26/overlays.html#Referential%20Integrity>`_ overlays are needed for the Canaille group membership to work correctly."
+msgstr ""
+
+#: ../tutorial/databases.rst:71
+#: ../tutorial/databases.rst:94
+#: faa33ea8871f4e34ac2c64cc72fdf812
+#: 06709ee4d5f844568221f14c64b5c30b
+msgid "Here is a configuration example compatible with canaille:"
+msgstr ""
+
+#: ../tutorial/databases.rst:73
+#: ebbf217acbd74c889aa84489628bae35
+msgid "memberof-config.ldif"
+msgstr ""
+
+#: ../tutorial/databases.rst:77
+#: 6b433a46ef87490bbaba6472563969c4
+msgid "refint-config.ldif"
+msgstr ""
+
+#: ../tutorial/databases.rst:81
+#: ../tutorial/databases.rst:104
+#: 861e354e7cfb47049661986cb4e35787
+#: b8ccf6ef78aa471ead32733e0381b055
+msgid "You can adapt and load those configuration files with:"
+msgstr ""
+
+#: ../tutorial/databases.rst:90
+#: 3a182ba0d6784956b95eaf634a6fc06f
+msgid "ppolicy"
+msgstr ""
+
+#: ../tutorial/databases.rst:92
+#: 83a2d62977b045ad8abe86ccc98759cb
+msgid "If the `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.html>`_ overlay is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the :attr:`~canaille.core.models.User.lock_date` attribute."
+msgstr ""
+
+#: ../tutorial/databases.rst:96
+#: 791a6d05f787498487e083e108ce34de
+msgid "ppolicy-config.ldif"
+msgstr ""
+
+#: ../tutorial/databases.rst:100
+#: 0f9d8b20ec7f4043b83d6312b1058939
+msgid "ppolicy.ldif"
+msgstr ""
diff --git a/doc/gettext/tutorial/deployment.pot b/doc/gettext/tutorial/deployment.pot
new file mode 100644
index 00000000..d78172f3
--- /dev/null
+++ b/doc/gettext/tutorial/deployment.pot
@@ -0,0 +1,122 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../tutorial/deployment.rst:2
+#: eeee7ba0fc3d44e7ad224ef2b2aad5d0
+msgid "Deployment"
+msgstr ""
+
+#: ../tutorial/deployment.rst:5
+#: e9ce862abbc94cd280400ab2e3b54839
+msgid "Application service"
+msgstr ""
+
+#: ../tutorial/deployment.rst:7
+#: 433485ad5c09467dafdf34069fca8cf7
+msgid "After having finished Canaille installation you have to run it in a WSGI application server. Here are some WSGI server configuration examples you can pick. Do not forget to update the paths."
+msgstr ""
+
+#: ../tutorial/deployment.rst:11
+#: b95ad5bdf60a4fa38668de444a350143
+msgid "gunicorn"
+msgstr ""
+
+#: ../tutorial/deployment.rst:13
+#: 71031d675d424a039075b7010b6aecaa
+msgid "Todo"
+msgstr ""
+
+#: ../tutorial/deployment.rst:15
+#: b4cd24e95f8649feb0bccc4077c530cc
+msgid "Write a gunicorn configuration sample file."
+msgstr ""
+
+#: ../tutorial/deployment.rst:18
+#: 1035487ff04444699065497aa5c27428
+msgid "uwsgi"
+msgstr ""
+
+#: ../tutorial/deployment.rst:42
+#: 99cd8ef482f84cbb9a924a9a3fef3f8f
+msgid "Webserver"
+msgstr ""
+
+#: ../tutorial/deployment.rst:44
+#: 123b2a6d36ba426cb333611e82f4b49f
+msgid "Now you have to plug your WSGI application server to your webserver so it is accessible on the internet. Here are some webserver configuration examples you can pick:"
+msgstr ""
+
+#: ../tutorial/deployment.rst:48
+#: a4206d1009c949e1aa406adc1e6f37a0
+msgid "Nginx"
+msgstr ""
+
+#: ../tutorial/deployment.rst:114
+#: 15b5ad9ca9d3428f889b223b0ffb58c7
+msgid "Apache"
+msgstr ""
+
+#: ../tutorial/deployment.rst:153
+#: fb75b2d60ce34f30a23ebcb46860c0b4
+msgid "Recurrent jobs"
+msgstr ""
+
+#: ../tutorial/deployment.rst:155
+#: 7f2c34b8393547c3ae17c156d98e0080
+msgid "You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:"
+msgstr ""
+
+#: ../tutorial/deployment.rst:164
+#: 0189b125934b4accb96c2ac6431dda33
+msgid "Webfinger"
+msgstr ""
+
+#: ../tutorial/deployment.rst:166
+#: 2fb122255bb94ea38ac3fe43bc6ee696
+msgid "You may want to configure a `WebFinger`_ endpoint on your main website to allow the automatic discovery of your Canaille installation based on the account name of one of your users. For instance, suppose your domain is ``mydomain.example`` and your Canaille domain is ``auth.mydomain.example`` and there is a user ``john.doe``. A third-party application could require to authenticate the user and ask them for a user account. The user would give their account ``john.doe@mydomain.example``, then the application would perform a WebFinger request at ``https://mydomain.example/.well-known/webfinger`` and the response would contain the address of the authentication server ``https://auth.mydomain.example``. With this information the third party application can redirect the user to the Canaille authentication page."
+msgstr ""
+
+#: ../tutorial/deployment.rst:168
+#: 2d0d75109fc0461282d6917878208cea
+msgid "The difficulty here is that the WebFinger endpoint must be hosted at the top-level domain (i.e. ``mydomain.example``) while the authentication server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). Canaille provides a WebFinger endpoint, but if it is not hosted at the top-level domain, a web redirection is required on the ``/.well-known/webfinger`` path."
+msgstr ""
+
+#: ../tutorial/deployment.rst:170
+#: 82732f3561f44bba97416ecd74352d0e
+msgid "Here are configuration examples for Nginx or Apache:"
+msgstr ""
+
+#: ../tutorial/deployment.rst:172
+#: b9f6e24c2e3b4b3c8ba3e8a7c225d03c
+msgid "Nginx webfinger configuration for a top level domain"
+msgstr ""
+
+#: ../tutorial/deployment.rst:181
+#: 6613fc5b59614b38b1a967034e5ba97e
+msgid "Apache webfinger configuration for a top level domain"
+msgstr ""
+
+#: ../tutorial/deployment.rst:191
+#: c8e3fbc8941d4a40861b215a2e7fb645
+msgid "Create the first user"
+msgstr ""
+
+#: ../tutorial/deployment.rst:193
+#: c96af5c60d2b4472ac220cde78341607
+msgid "Once canaille is installed, soon enough you will need to add users. To create your first user you can use the :ref:`canaille create <cli_create>` CLI."
+msgstr ""
diff --git a/doc/gettext/tutorial/index.pot b/doc/gettext/tutorial/index.pot
new file mode 100644
index 00000000..666a6f38
--- /dev/null
+++ b/doc/gettext/tutorial/index.pot
@@ -0,0 +1,22 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../tutorial/index.rst:2
+#: c7edcdeccf6f40c388fc80d827c09096
+msgid "Tutorial"
+msgstr ""
diff --git a/doc/gettext/tutorial/install.pot b/doc/gettext/tutorial/install.pot
new file mode 100644
index 00000000..bc2b8e27
--- /dev/null
+++ b/doc/gettext/tutorial/install.pot
@@ -0,0 +1,132 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../tutorial/install.rst:2
+#: 3461075d4b16480d9daabb8d1d789005
+msgid "Installation"
+msgstr ""
+
+#: ../tutorial/install.rst:6
+#: 8def0eb60a6747fe917c611b88e4671b
+msgid "Canaille is under heavy development and may not fit a production environment yet."
+msgstr ""
+
+#: ../tutorial/install.rst:8
+#: 1d89fce4c8e741b28fea91ad93806d31
+msgid "The installation of canaille consist in several steps, some of which you can do manually or with command line tool:"
+msgstr ""
+
+#: ../tutorial/install.rst:11
+#: f36a9eed165f438199b75da27df7c168
+msgid "Get the code"
+msgstr ""
+
+#: ../tutorial/install.rst:13
+#: ccb1d89539184e6ea49b201aeadd4ca0
+msgid "As the moment there is no distribution package for canaille. However, it can be installed with the ``pip`` package manager. Let us choose a place for the canaille environment, like ``/opt/canaille/env``."
+msgstr ""
+
+#: ../tutorial/install.rst:24
+#: bbce9cea800b4f43b5438ad52438b744
+msgid "Extras"
+msgstr ""
+
+#: ../tutorial/install.rst:26
+#: 99d5dad5e3db42e188605845597aade5
+msgid "Canaille provides different package options:"
+msgstr ""
+
+#: ../tutorial/install.rst:28
+#: 9f420ef948f842f580648d92b8df7905
+msgid "`front` provides all the things needed to produce the user interface;"
+msgstr ""
+
+#: ../tutorial/install.rst:29
+#: d8e6f9d5f7f44b66b1e8cba275ad5ee3
+msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;"
+msgstr ""
+
+#: ../tutorial/install.rst:30
+#: 5c3be3c28af94a87bdbc7a45f64533a2
+msgid "`ldap` provides the dependencies to enable the LDAP backend;"
+msgstr ""
+
+#: ../tutorial/install.rst:31
+#: e33c8883f49846b1b821424dbf8f07e1
+msgid "`sqlite` provides the dependencies to enable the SQLite backend;"
+msgstr ""
+
+#: ../tutorial/install.rst:32
+#: 38f9ec9aa2f842f5b1b7bdf330080037
+msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;"
+msgstr ""
+
+#: ../tutorial/install.rst:33
+#: 9ca2ef4d86c54b3badef060b2973b9e4
+msgid "`mysql` provides the dependencies to enable the MySQL backend;"
+msgstr ""
+
+#: ../tutorial/install.rst:34
+#: f814e1792e0241558307dbccf11edbce
+msgid "`sentry` provides sentry integration to watch Canaille exceptions;"
+msgstr ""
+
+#: ../tutorial/install.rst:35
+#: 116fca1cb69748238bc82a0f37310059
+msgid "`all` provides all the extras above."
+msgstr ""
+
+#: ../tutorial/install.rst:37
+#: 48e42538a8604a87be1b3c65e21efd82
+msgid "They can be installed with:"
+msgstr ""
+
+#: ../tutorial/install.rst:44
+#: 992c7266ab8a417bb15541cf159b1402
+msgid "Configure"
+msgstr ""
+
+#: ../tutorial/install.rst:46
+#: 245524dcf0c84750b2e48712ce6f03e7
+msgid "Choose a path where to store your configuration file. You can pass any configuration path with the ``CONFIG`` environment variable."
+msgstr ""
+
+#: ../tutorial/install.rst:54
+#: bdf30558d57c43c5a47552341bb537e1
+msgid "You should then edit your configuration file to adapt the values to your needs. Look at the configuration details in the :doc:`configuration <../references/configuration>` page."
+msgstr ""
+
+#: ../tutorial/install.rst:57
+#: de2f194462264504aa4590443184e4c7
+msgid "Install"
+msgstr ""
+
+#: ../tutorial/install.rst:59
+#: fe3a5ed380e14ea0bbc9d43035e4157a
+msgid "The :ref:`install command <cli_install>` will apply most of the things needed to get Canaille working. Depending on the configured :doc:`database <databases>` it will create the SQL tables, or install the LDAP schemas for instance."
+msgstr ""
+
+#: ../tutorial/install.rst:68
+#: ca9856eb1ee74dc7830a408ed12fd806
+msgid "Check"
+msgstr ""
+
+#: ../tutorial/install.rst:70
+#: 976deff22c0c4ddb871dbe4b8c3f2fa4
+msgid "After a manual installation, you can check your configuration file using the :ref:`check command <cli_install>`:"
+msgstr ""
diff --git a/doc/gettext/tutorial/troubleshooting.pot b/doc/gettext/tutorial/troubleshooting.pot
new file mode 100644
index 00000000..be4168e1
--- /dev/null
+++ b/doc/gettext/tutorial/troubleshooting.pot
@@ -0,0 +1,92 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 16:20+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../tutorial/troubleshooting.rst:2
+#: a7d8552e4975449789812d67b23b345f
+msgid "Troubleshooting"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:5
+#: 00bfa2fa35ff434fae80081ae567520b
+msgid "The web interface throws useless error messages"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:7
+#: ec56d81e02e049808b5aa5d51d4b0c40
+msgid "Unless the current user has admin :class:`permissions <canaille.core.configuration.Permission>`, or the installation is in :attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error messages won't be too technical. For instance, you can see *The request you made is invalid*. To enable detailed error messages, you can **temporarily** enable the :attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration parameter."
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:12
+#: 6cd00bba302b4ac7a814318fff5f1d98
+msgid "How to manually install LDAP schemas?"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:16
+#: 383bf19fef474ad0bfcd432537867b7d
+msgid "Schema installation can be automatically done using the :ref:`install command <cli_install>`."
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:18
+#: cfce89f0ed5141699a0b428579e47d58
+msgid "As of OpenLDAP 2.4, two configuration methods are available:"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:20
+#: f025a0ef2a9042cc82640e1686ca12ff
+msgid "The `deprecated <https://www.openldap.org/doc/admin26/slapdconf2.html>`_ one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:21
+#: a096f639d51d4f6fb17bb854d6afd1d7
+msgid "The new one, based on a configuration directory (generally ``/etc/ldap/slapd.d``)."
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:23
+#: 87e24d478fbd4509bf4651ad0be9726f
+msgid "Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:26
+#: e0948dcef218449b91b5908a0c030dc5
+msgid "Old fashion: Copy the schemas in your filesystem"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:35
+#: ff09602b1964432ca92439fcaab6c199
+msgid "New fashion: Use slapadd to add the schemas"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:37
+#: 6b3246d97f7744b19c937e63c4e0c223
+msgid "Be careful to stop your ldap server before running ``slapadd``"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:46
+#: c5be7d8dd34e4f36a0a4fb76f00bea5f
+msgid "How to manually generate the OIDC keypair?"
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:50
+#: d73bed635d4748789de6ede7f53cc73d
+msgid "The keypair generation can be automatically done using the :ref:`install command <cli_install>`."
+msgstr ""
+
+#: ../tutorial/troubleshooting.rst:52
+#: 0b9b5fcf3a594f0baaddf334e7880455
+msgid "Canaille needs a key pair to sign OIDC tokens. You can customize those commands, as long as they match the ``JWT`` section of your configuration file."
+msgstr ""
diff --git a/doc/locales/fr_FR/LC_MESSAGES/development.po b/doc/locales/fr_FR/LC_MESSAGES/development.po
new file mode 100644
index 00000000..39f55dd2
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/development.po
@@ -0,0 +1,2152 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:35+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/development/changelog.rst:2
+msgid "Release notes"
+msgstr ""
+
+#: ../../doc/development/changelog.rst:4
+msgid "All notable changes to this project will be documented in there."
+msgstr ""
+
+#: ../../doc/development/changelog.rst:6
+msgid ""
+"The format is based on `Keep a Changelog "
+"<https://keepachangelog.com/en/1.0.0/>`_, and this project adheres to "
+"`Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_."
+msgstr ""
+
+#: ../../CHANGES.rst:2
+msgid "[0.0.57] - Unreleased"
+msgstr ""
+
+#: ../../CHANGES.rst:5 ../../CHANGES.rst:20 ../../CHANGES.rst:48
+#: ../../CHANGES.rst:67 ../../CHANGES.rst:74 ../../CHANGES.rst:93
+#: ../../CHANGES.rst:151 ../../CHANGES.rst:177 ../../CHANGES.rst:192
+#: ../../CHANGES.rst:241 ../../CHANGES.rst:267 ../../CHANGES.rst:286
+#: ../../CHANGES.rst:294 ../../CHANGES.rst:303 ../../CHANGES.rst:327
+#: ../../CHANGES.rst:360 ../../CHANGES.rst:386 ../../CHANGES.rst:433
+#: ../../CHANGES.rst:461 ../../CHANGES.rst:491 ../../CHANGES.rst:547
+#: ../../CHANGES.rst:580 ../../CHANGES.rst:601 ../../CHANGES.rst:611
+#: ../../CHANGES.rst:634 ../../CHANGES.rst:701 ../../CHANGES.rst:739
+#: ../../CHANGES.rst:756 ../../CHANGES.rst:792
+msgid "Added"
+msgstr ""
+
+#: ../../CHANGES.rst:6
+msgid "Password compromission check :issue:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:7
+msgid ""
+":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and "
+":attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK`"
+" and :attr:`~canaille.core.configuration.CoreSettings.API_URL_HIBP` "
+":issue:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:13
+msgid "[0.0.56] - 2024-11-07"
+msgstr ""
+
+#: ../../CHANGES.rst:16 ../../CHANGES.rst:58 ../../CHANGES.rst:97
+#: ../../CHANGES.rst:105 ../../CHANGES.rst:113 ../../CHANGES.rst:120
+#: ../../CHANGES.rst:127 ../../CHANGES.rst:141 ../../CHANGES.rst:169
+#: ../../CHANGES.rst:182 ../../CHANGES.rst:200 ../../CHANGES.rst:219
+#: ../../CHANGES.rst:227 ../../CHANGES.rst:253 ../../CHANGES.rst:261
+#: ../../CHANGES.rst:281 ../../CHANGES.rst:311 ../../CHANGES.rst:341
+#: ../../CHANGES.rst:349 ../../CHANGES.rst:373 ../../CHANGES.rst:393
+#: ../../CHANGES.rst:415 ../../CHANGES.rst:425 ../../CHANGES.rst:446
+#: ../../CHANGES.rst:454 ../../CHANGES.rst:477 ../../CHANGES.rst:500
+#: ../../CHANGES.rst:512 ../../CHANGES.rst:521 ../../CHANGES.rst:530
+#: ../../CHANGES.rst:539 ../../CHANGES.rst:559 ../../CHANGES.rst:566
+#: ../../CHANGES.rst:616 ../../CHANGES.rst:624 ../../CHANGES.rst:649
+#: ../../CHANGES.rst:657 ../../CHANGES.rst:665 ../../CHANGES.rst:678
+#: ../../CHANGES.rst:692 ../../CHANGES.rst:724 ../../CHANGES.rst:747
+#: ../../CHANGES.rst:778
+msgid "Fixed"
+msgstr ""
+
+#: ../../CHANGES.rst:17
+msgid ""
+"With LDAP backend, updating another user groups could result in a "
+"permission lost for the editor. :issue:`202`"
+msgstr ""
+
+#: ../../CHANGES.rst:21
+msgid ""
+":attr:`~canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGHT` and"
+" :attr:`~canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGHT` "
+"configuration options :issue:`174`"
+msgstr ""
+
+#: ../../CHANGES.rst:23
+msgid "Password strength visual indicator :issue:`174`"
+msgstr ""
+
+#: ../../CHANGES.rst:24
+msgid "Security events logs :issue:`177`"
+msgstr ""
+
+#: ../../CHANGES.rst:25
+msgid "Support for Python 3.13 :pr:`186`"
+msgstr ""
+
+#: ../../CHANGES.rst:28 ../../CHANGES.rst:41 ../../CHANGES.rst:53
+#: ../../CHANGES.rst:78 ../../CHANGES.rst:86 ../../CHANGES.rst:134
+#: ../../CHANGES.rst:158 ../../CHANGES.rst:210 ../../CHANGES.rst:247
+#: ../../CHANGES.rst:316 ../../CHANGES.rst:332 ../../CHANGES.rst:368
+#: ../../CHANGES.rst:405 ../../CHANGES.rst:440 ../../CHANGES.rst:483
+#: ../../CHANGES.rst:587 ../../CHANGES.rst:641 ../../CHANGES.rst:673
+#: ../../CHANGES.rst:687
+msgid "Changed"
+msgstr ""
+
+#: ../../CHANGES.rst:29
+msgid "Update to HTMX 2.0.3 :pr:`184`"
+msgstr ""
+
+#: ../../CHANGES.rst:30
+msgid "Migrate from poetry to uv :pr:`187`"
+msgstr ""
+
+#: ../../CHANGES.rst:31
+msgid ""
+"The ``sql`` package extra is now split between ``sqlite``, ``postgresql``"
+" and ``mysql``."
+msgstr ""
+
+#: ../../CHANGES.rst:34 ../../CHANGES.rst:378 ../../CHANGES.rst:784
+msgid "Removed"
+msgstr ""
+
+#: ../../CHANGES.rst:35
+msgid "End support for python 3.9. :pr:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:38
+msgid "[0.0.55] - 2024-08-30"
+msgstr ""
+
+#: ../../CHANGES.rst:42
+msgid "Use poetry-core build backend. :pr:`178`"
+msgstr ""
+
+#: ../../CHANGES.rst:45
+msgid "[0.0.54] - 2024-07-25"
+msgstr ""
+
+#: ../../CHANGES.rst:49
+msgid ""
+"Group member removal can be achieved from the group edition page "
+":issue:`192`"
+msgstr ""
+
+#: ../../CHANGES.rst:50
+msgid "Model management commands :issue:`117` :issue:`54`"
+msgstr ""
+
+#: ../../CHANGES.rst:54
+msgid "Model `identifier_attributes` are fixed."
+msgstr ""
+
+#: ../../CHANGES.rst:55
+msgid "Bump to htmx 1.9.12 :pr:`172`"
+msgstr ""
+
+#: ../../CHANGES.rst:60
+msgid "Dark theme colors for better readability"
+msgstr ""
+
+#: ../../CHANGES.rst:61
+msgid "Crash for passwordless users at login when no SMTP server was configured."
+msgstr ""
+
+#: ../../CHANGES.rst:64
+msgid "[0.0.53] - 2024-04-22"
+msgstr ""
+
+#: ../../CHANGES.rst:68
+msgid "`env_prefix` create_app variable can select the environment var prefix."
+msgstr ""
+
+#: ../../CHANGES.rst:71
+msgid "[0.0.52] - 2024-04-22"
+msgstr ""
+
+#: ../../CHANGES.rst:75
+msgid "`env_file` create_app variable can customize/disable the .env file"
+msgstr ""
+
+#: ../../CHANGES.rst:79
+msgid "Locked users cannot be impersonated anymore."
+msgstr ""
+
+#: ../../CHANGES.rst:80
+msgid "Minimum python requirement is 3.9."
+msgstr ""
+
+#: ../../CHANGES.rst:83
+msgid "[0.0.51] - 2024-04-09"
+msgstr ""
+
+#: ../../CHANGES.rst:87
+msgid "Display the menu bar on error pages."
+msgstr ""
+
+#: ../../CHANGES.rst:90
+msgid "[0.0.50] - 2024-04-09"
+msgstr ""
+
+#: ../../CHANGES.rst:94
+msgid "Sign in/out events are logged in :issue:`177`"
+msgstr ""
+
+#: ../../CHANGES.rst:98
+msgid "HTMX and JAVASCRIPT configuration settings."
+msgstr ""
+
+#: ../../CHANGES.rst:99
+msgid "Compatibility with old sessions IDs."
+msgstr ""
+
+#: ../../CHANGES.rst:102
+msgid "[0.0.49] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:106
+msgid "LDAP user group removal."
+msgstr ""
+
+#: ../../CHANGES.rst:107
+msgid "Display an error message when trying to remove the last user from a group."
+msgstr ""
+
+#: ../../CHANGES.rst:110
+msgid "[0.0.48] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:114
+msgid "LDAP objectClass guessing exception."
+msgstr ""
+
+#: ../../CHANGES.rst:117
+msgid "[0.0.47] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:121
+msgid "Lazy permission loading exception."
+msgstr ""
+
+#: ../../CHANGES.rst:124
+msgid "[0.0.46] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:128
+msgid ""
+"Saving an object with the LDAP backend keeps the objectClass un-managed "
+"by Canaille. :pr:`171`"
+msgstr ""
+
+#: ../../CHANGES.rst:131
+msgid "[0.0.45] - 2024-04-04"
+msgstr ""
+
+#: ../../CHANGES.rst:135
+msgid ""
+"Internal indexation mechanism of "
+":class:`~canaille.backends.memory.model.MemoryModel`"
+msgstr ""
+
+#: ../../CHANGES.rst:138
+msgid "[0.0.44] - 2024-03-29"
+msgstr ""
+
+#: ../../CHANGES.rst:142
+msgid "Fix the default LDAP USER_FILTER value"
+msgstr ""
+
+#: ../../CHANGES.rst:143
+msgid "Fix the OIDC feature detection"
+msgstr ""
+
+#: ../../CHANGES.rst:146
+msgid "[0.0.43] - 2024-03-29"
+msgstr ""
+
+#: ../../CHANGES.rst:148
+msgid "🚨Configuration files must be updated.🚨"
+msgstr ""
+
+#: ../../CHANGES.rst:153
+msgid "Add `created` and `last_modified` datetime for all models"
+msgstr ""
+
+#: ../../CHANGES.rst:154
+msgid "Sitemap to the documentation :pr:`169`"
+msgstr ""
+
+#: ../../CHANGES.rst:155
+msgid "Configuration management with pydantic-settings :issue:`138` :pr:`170`"
+msgstr ""
+
+#: ../../CHANGES.rst:160
+msgid "Use default python logging configuration format. :issue:`188` :pr:`165`"
+msgstr ""
+
+#: ../../CHANGES.rst:161
+msgid "Bump to htmx 1.99.11 :pr:`166`"
+msgstr ""
+
+#: ../../CHANGES.rst:162
+msgid ""
+"Use the standard tomllib python module instead of `toml` starting from "
+"python 3.11 :pr:`167`"
+msgstr ""
+
+#: ../../CHANGES.rst:163
+msgid "Use shibuya as the documentation theme :pr:`168`"
+msgstr ""
+
+#: ../../CHANGES.rst:166
+msgid "[0.0.42] - 2023-12-29"
+msgstr ""
+
+#: ../../CHANGES.rst:171
+msgid "Avoid to fail on imports if ``cryptography`` is missing."
+msgstr ""
+
+#: ../../CHANGES.rst:174
+msgid "[0.0.41] - 2023-12-25"
+msgstr ""
+
+#: ../../CHANGES.rst:179
+msgid "OIDC `prompt=create` support. :issue:`185` :pr:`164`"
+msgstr ""
+
+#: ../../CHANGES.rst:184
+msgid "Correctly set up Client audience during OIDC dynamic registration."
+msgstr ""
+
+#: ../../CHANGES.rst:185
+msgid ""
+"``post_logout_redirect_uris`` was ignored during OIDC dynamic "
+"registration."
+msgstr ""
+
+#: ../../CHANGES.rst:186
+msgid "Group field error prevented the registration form validation."
+msgstr ""
+
+#: ../../CHANGES.rst:189
+msgid "[0.0.40] - 2023-12-22"
+msgstr ""
+
+#: ../../CHANGES.rst:194
+msgid "``THEME`` can be a relative path"
+msgstr ""
+
+#: ../../CHANGES.rst:197
+msgid "[0.0.39] - 2023-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:202
+msgid "Crash when no ACL were defined"
+msgstr ""
+
+#: ../../CHANGES.rst:203
+msgid "OIDC Userinfo endpoint is also available in POST"
+msgstr ""
+
+#: ../../CHANGES.rst:204
+msgid "Fix redirection after password reset :issue:`159`"
+msgstr ""
+
+#: ../../CHANGES.rst:207
+msgid "[0.0.38] - 2023-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:212
+msgid "Convert all the png in webp. :pr:`162`"
+msgstr ""
+
+#: ../../CHANGES.rst:213
+msgid "Update to flask 3 :issue:`161` :pr:`163`"
+msgstr ""
+
+#: ../../CHANGES.rst:216
+msgid "[0.0.37] - 2023-12-01"
+msgstr ""
+
+#: ../../CHANGES.rst:221
+msgid "Handle 4xx and 5xx error codes with htmx. :issue:`171` :pr:`161`"
+msgstr ""
+
+#: ../../CHANGES.rst:224
+msgid "[0.0.36] - 2023-12-01"
+msgstr ""
+
+#: ../../CHANGES.rst:229
+msgid "Avoid crashing when LDAP groups references unexisting users."
+msgstr ""
+
+#: ../../CHANGES.rst:230
+msgid ""
+"Password reset and initialization mails were only sent to the preferred "
+"user email address."
+msgstr ""
+
+#: ../../CHANGES.rst:232
+msgid ""
+"Password reset and initialization mails were not sent at all the user "
+"addresses if one email address could not be reached."
+msgstr ""
+
+#: ../../CHANGES.rst:234
+msgid "Password comparison was too permissive on login."
+msgstr ""
+
+#: ../../CHANGES.rst:235
+msgid "Encrypt passwords in the SQL backend."
+msgstr ""
+
+#: ../../CHANGES.rst:238
+msgid "[0.0.35] - 2023-11-25"
+msgstr ""
+
+#: ../../CHANGES.rst:243
+msgid ""
+"Refresh token grant supports other client authentication methods. "
+":pr:`157`"
+msgstr ""
+
+#: ../../CHANGES.rst:244
+msgid "Implement a SQLAlchemy backend. :issue:`30` :pr:`158`"
+msgstr ""
+
+#: ../../CHANGES.rst:249
+msgid "Model attributes cardinality is closer to SCIM model. :pr:`155`"
+msgstr ""
+
+#: ../../CHANGES.rst:250
+msgid "Bump to htmx 1.9.9 :pr:`159`"
+msgstr ""
+
+#: ../../CHANGES.rst:255
+msgid "Disable HTMX boosting during the OIDC dance. :pr:`160`"
+msgstr ""
+
+#: ../../CHANGES.rst:258
+msgid "[0.0.34] - 2023-10-02"
+msgstr ""
+
+#: ../../CHANGES.rst:263
+msgid ""
+"Canaille installations without account lockabilty could not delete users."
+" :pr:`153`"
+msgstr ""
+
+#: ../../CHANGES.rst:269
+msgid ""
+"If users register or authenticate during a OAuth Authorization phase, "
+"they get redirected back to that page afterwards. :issue:`168` :pr:`151`"
+msgstr ""
+
+#: ../../CHANGES.rst:272
+msgid "flask-babel and pytz are now part of the `front` extras"
+msgstr ""
+
+#: ../../CHANGES.rst:273
+msgid "Bump to fomantic-ui 2.9.3 :pr:`152`"
+msgstr ""
+
+#: ../../CHANGES.rst:274
+msgid "Bump to htmx 1.9.6 :pr:`154`"
+msgstr ""
+
+#: ../../CHANGES.rst:275
+msgid "Add support for python 3.12 :pr:`155`"
+msgstr ""
+
+#: ../../CHANGES.rst:278
+msgid "[0.0.33] - 2023-08-26"
+msgstr ""
+
+#: ../../CHANGES.rst:283
+msgid "OIDC jwks endpoint do not return empty kid claim"
+msgstr ""
+
+#: ../../CHANGES.rst:288
+msgid "Documentation details on the canaille models."
+msgstr ""
+
+#: ../../CHANGES.rst:291
+msgid "[0.0.32] - 2023-08-17"
+msgstr ""
+
+#: ../../CHANGES.rst:296
+msgid "Additional inmemory backend :issue:`30` :pr:`149`"
+msgstr ""
+
+#: ../../CHANGES.rst:297
+msgid "Installation extras :issue:`167` :pr:`150`"
+msgstr ""
+
+#: ../../CHANGES.rst:300
+msgid "[0.0.31] - 2023-08-15"
+msgstr ""
+
+#: ../../CHANGES.rst:305
+msgid "Configuration option to disable the forced usage of OIDC nonce :pr:`143`"
+msgstr ""
+
+#: ../../CHANGES.rst:306
+msgid "Validate phone numbers with a regex :pr:`146`"
+msgstr ""
+
+#: ../../CHANGES.rst:307
+msgid "Email verification :issue:`41` :pr:`147`"
+msgstr ""
+
+#: ../../CHANGES.rst:308
+msgid "Account registration :issue:`55` :pr:`133` :pr:`148`"
+msgstr ""
+
+#: ../../CHANGES.rst:313
+msgid "The `check` command uses the default configuration values."
+msgstr ""
+
+#: ../../CHANGES.rst:318
+msgid "Modals do not need use javascript at the moment. :issue:`158` :pr:`144`"
+msgstr ""
+
+#: ../../CHANGES.rst:321
+msgid "[0.0.30] - 2023-07-06"
+msgstr ""
+
+#: ../../CHANGES.rst:323
+msgid ""
+"🚨Configuration files must be updated.🚨 Check the new format with ``git "
+"diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:329
+msgid "Configuration option to disable javascript :pr:`141`"
+msgstr ""
+
+#: ../../CHANGES.rst:334
+msgid "Configuration ``USER_FILTER`` is parsed with jinja."
+msgstr ""
+
+#: ../../CHANGES.rst:335
+msgid ""
+"Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and "
+"``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``"
+msgstr ""
+
+#: ../../CHANGES.rst:338
+msgid "[0.0.29] - 2023-06-30"
+msgstr ""
+
+#: ../../CHANGES.rst:343
+msgid "Disabled HTMX boosting on OIDC forms to avoid errors."
+msgstr ""
+
+#: ../../CHANGES.rst:346
+msgid "[0.0.28] - 2023-06-30"
+msgstr ""
+
+#: ../../CHANGES.rst:351
+msgid "A template variable was misnamed."
+msgstr ""
+
+#: ../../CHANGES.rst:354
+msgid "[0.0.27] - 2023-06-29"
+msgstr ""
+
+#: ../../CHANGES.rst:356
+msgid ""
+"🚨Configuration files must be updated.🚨 Check the new format with ``git "
+"diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:362
+msgid ""
+"Configuration entries can be loaded from files if the entry key has a "
+"*_FILE* suffix and the entry value is the path to the file. :issue:`134` "
+":pr:`134`"
+msgstr ""
+
+#: ../../CHANGES.rst:364
+msgid "Field list support. :issue:`115` :pr:`136`"
+msgstr ""
+
+#: ../../CHANGES.rst:365
+msgid "Pages are boosted with HTMX :issue:`144` :issue:`145` :pr:`137`"
+msgstr ""
+
+#: ../../CHANGES.rst:370
+msgid "Bump to jquery 3.7.0 :pr:`138`"
+msgstr ""
+
+#: ../../CHANGES.rst:375
+msgid "Profile edition when the user RDN was not ``uid`` :issue:`148` :pr:`139`"
+msgstr ""
+
+#: ../../CHANGES.rst:380
+msgid "Stop support for python 3.7 :pr:`131`"
+msgstr ""
+
+#: ../../CHANGES.rst:383
+msgid "[0.0.26] - 2023-06-03"
+msgstr ""
+
+#: ../../CHANGES.rst:388
+msgid ""
+"Implemented account expiration based on OpenLDAP ppolicy overlay. Needs "
+"OpenLDAP 2.5+ :issue:`13` :pr:`118`"
+msgstr ""
+
+#: ../../CHANGES.rst:390
+msgid "Timezone configuration entry. :issue:`137` :pr:`130`"
+msgstr ""
+
+#: ../../CHANGES.rst:395
+msgid "Avoid setting ``None`` in JWT claims when they have no value."
+msgstr ""
+
+#: ../../CHANGES.rst:396
+msgid "Display password recovery button on OIDC login page. :pr:`129`"
+msgstr ""
+
+#: ../../CHANGES.rst:399
+msgid "[0.0.25] - 2023-05-05"
+msgstr ""
+
+#: ../../CHANGES.rst:401
+msgid ""
+"🚨Configuration files must be updated.🚨 Check the new format with ``git "
+"diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:407
+msgid "Renamed user model attributes to match SCIM naming convention. :pr:`123`"
+msgstr ""
+
+#: ../../CHANGES.rst:408
+msgid "Moved OIDC related configuration entries in ``OIDC``"
+msgstr ""
+
+#: ../../CHANGES.rst:409
+msgid "Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``"
+msgstr ""
+
+#: ../../CHANGES.rst:410
+msgid "Bumped to htmx 1.9.0 :pr:`124`"
+msgstr ""
+
+#: ../../CHANGES.rst:411
+msgid ""
+"ACL filters are no more LDAP filters but user attribute mappings. "
+":pr:`125`"
+msgstr ""
+
+#: ../../CHANGES.rst:412
+msgid "Bumped to htmx 1.9.2 :pr:`127`"
+msgstr ""
+
+#: ../../CHANGES.rst:417
+msgid "``OIDC.JWT.MAPPING`` configuration entry is really optional now."
+msgstr ""
+
+#: ../../CHANGES.rst:418
+msgid "Fixed empty model attributes registration :pr:`125`"
+msgstr ""
+
+#: ../../CHANGES.rst:419
+msgid "Password initialization mails were not correctly sent. :pr:`128`"
+msgstr ""
+
+#: ../../CHANGES.rst:422
+msgid "[0.0.24] - 2023-04-07"
+msgstr ""
+
+#: ../../CHANGES.rst:427
+msgid "Fixed avatar update. :pr:`122`"
+msgstr ""
+
+#: ../../CHANGES.rst:430
+msgid "[0.0.23] - 2023-04-05"
+msgstr ""
+
+#: ../../CHANGES.rst:435
+msgid "Organization field. :pr:`116`"
+msgstr ""
+
+#: ../../CHANGES.rst:436
+msgid "ETag and Last-Modified headers on user photos. :pr:`116`"
+msgstr ""
+
+#: ../../CHANGES.rst:437
+msgid "Dynamic form validation :pr:`120`"
+msgstr ""
+
+#: ../../CHANGES.rst:442
+msgid "UX rework. Submenu addition. :pr:`114`"
+msgstr ""
+
+#: ../../CHANGES.rst:443
+msgid "Properly handle LDAP date timezones. :pr:`117`"
+msgstr ""
+
+#: ../../CHANGES.rst:448
+msgid "CSRF protection on every forms. :pr:`119`"
+msgstr ""
+
+#: ../../CHANGES.rst:451
+msgid "[0.0.22] - 2023-03-13"
+msgstr ""
+
+#: ../../CHANGES.rst:455
+msgid "faker is not imported anymore when the `clean` command is called."
+msgstr ""
+
+#: ../../CHANGES.rst:458
+msgid "[0.0.21] - 2023-03-12"
+msgstr ""
+
+#: ../../CHANGES.rst:463
+msgid "Display TOS and policy URI on the consent list page. :pr:`102`"
+msgstr ""
+
+#: ../../CHANGES.rst:464
+msgid "Admin token deletion :pr:`100` :pr:`101`"
+msgstr ""
+
+#: ../../CHANGES.rst:465
+msgid "Revoked consents can be restored. :pr:`103`"
+msgstr ""
+
+#: ../../CHANGES.rst:466
+msgid ""
+"Pre-consented clients are displayed in the user consent list, and their "
+"consents can be revoked. :issue:`69` :pr:`103`"
+msgstr ""
+
+#: ../../CHANGES.rst:468
+msgid ""
+"A ``populate`` command can be used to fill the database with random users"
+" generated with faker. :pr:`105`"
+msgstr ""
+
+#: ../../CHANGES.rst:470
+msgid "SMTP SSL support. :pr:`108`"
+msgstr ""
+
+#: ../../CHANGES.rst:471
+msgid "Server side pagination. :issue:`114` :pr:`111`"
+msgstr ""
+
+#: ../../CHANGES.rst:472
+msgid "Department number support. :issue:`129`"
+msgstr ""
+
+#: ../../CHANGES.rst:473
+msgid "Address edition support (but not in the OIDC claims yet) :pr:`112`"
+msgstr ""
+
+#: ../../CHANGES.rst:474
+msgid "Title edition support :pr:`113`"
+msgstr ""
+
+#: ../../CHANGES.rst:479
+msgid ""
+"Client deletion also deletes related Consent, Token and AuthorizationCode"
+" objects. :issue:`126` :pr:`98`"
+msgstr ""
+
+#: ../../CHANGES.rst:485
+msgid "Removed datatables."
+msgstr ""
+
+#: ../../CHANGES.rst:488
+msgid "[0.0.20] - 2023-01-28"
+msgstr ""
+
+#: ../../CHANGES.rst:493
+msgid "Spanish translation. :pr:`85` :pr:`88`"
+msgstr ""
+
+#: ../../CHANGES.rst:494
+msgid "Dedicated connectivity test email :pr:`89`"
+msgstr ""
+
+#: ../../CHANGES.rst:495
+msgid "Update to jquery 3.6.3 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:496
+msgid "Update to fomantic-ui 2.9.1 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:497
+msgid "Update to datatables 1.13.1 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:502
+msgid "Fix typos and grammar errors. :pr:`84`"
+msgstr ""
+
+#: ../../CHANGES.rst:503
+msgid "Fix wording and punctuations. :pr:`86`"
+msgstr ""
+
+#: ../../CHANGES.rst:504
+msgid "Fix HTML lang tag :issue:`122` :pr:`87`"
+msgstr ""
+
+#: ../../CHANGES.rst:505
+msgid "Automatically trims the HTML translated strings. :pr:`91`"
+msgstr ""
+
+#: ../../CHANGES.rst:506
+msgid "Fixed dynamic registration scope management. :issue:`123` :pr:`93`"
+msgstr ""
+
+#: ../../CHANGES.rst:509
+msgid "[0.0.19] - 2023-01-14"
+msgstr ""
+
+#: ../../CHANGES.rst:514
+msgid ""
+"Ensures the token `expires_in` claim and the `access_token` `exp` claim "
+"have the same value. :pr:`83`"
+msgstr ""
+
+#: ../../CHANGES.rst:518
+msgid "[0.0.18] - 2022-12-28"
+msgstr ""
+
+#: ../../CHANGES.rst:523
+msgid ""
+"OIDC end_session was not returning the ``state`` parameter in the "
+"``post_logout_redirect_uri`` :pr:`82`"
+msgstr ""
+
+#: ../../CHANGES.rst:527
+msgid "[0.0.17] - 2022-12-26"
+msgstr ""
+
+#: ../../CHANGES.rst:532
+msgid "Fixed group deletion button. :pr:`80`"
+msgstr ""
+
+#: ../../CHANGES.rst:533
+msgid "Fixed post requests in oidc clients views. :pr:`81`"
+msgstr ""
+
+#: ../../CHANGES.rst:536
+msgid "[0.0.16] - 2022-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:541
+msgid "Fixed LDAP operational attributes handling."
+msgstr ""
+
+#: ../../CHANGES.rst:544
+msgid "[0.0.15] - 2022-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:549
+msgid "User can chose their favourite display name. :pr:`77`"
+msgstr ""
+
+#: ../../CHANGES.rst:550
+msgid "Bumped to authlib 1.2. :pr:`78`"
+msgstr ""
+
+#: ../../CHANGES.rst:551
+msgid ""
+"Implemented RFC7592 OAuth 2.0 Dynamic Client Registration Management "
+"Protocol :pr:`79`"
+msgstr ""
+
+#: ../../CHANGES.rst:553
+msgid "Added ``nonce`` to the ``claims_supported`` server metadata list."
+msgstr ""
+
+#: ../../CHANGES.rst:556
+msgid "[0.0.14] - 2022-11-29"
+msgstr ""
+
+#: ../../CHANGES.rst:560
+msgid "Fixed translation mo files packaging."
+msgstr ""
+
+#: ../../CHANGES.rst:563
+msgid "[0.0.13] - 2022-11-21"
+msgstr ""
+
+#: ../../CHANGES.rst:568
+msgid ""
+"Fixed a bug on the contacts field in the admin client form following the "
+"LDAP schema update of 0.0.12"
+msgstr ""
+
+#: ../../CHANGES.rst:570
+msgid ""
+"Fixed a bug happening during RP initiated logout on clients without "
+"`post_logout_redirect_uri` defined."
+msgstr ""
+
+#: ../../CHANGES.rst:572
+msgid "Gitlab CI fix. :pr:`64`"
+msgstr ""
+
+#: ../../CHANGES.rst:573
+msgid "Fixed `client_secret` display on the client administration page. :pr:`65`"
+msgstr ""
+
+#: ../../CHANGES.rst:574
+msgid "Fixed non-square logo CSS. :pr:`67`"
+msgstr ""
+
+#: ../../CHANGES.rst:575
+msgid "Fixed schema path on installation. :pr:`68`"
+msgstr ""
+
+#: ../../CHANGES.rst:576
+msgid "Fixed RFC7591 ``software_statement`` claim support. :pr:`70`"
+msgstr ""
+
+#: ../../CHANGES.rst:577
+msgid "Fixed client preconsent disabling. :pr:`72`"
+msgstr ""
+
+#: ../../CHANGES.rst:582
+msgid "Python 3.11 support. :pr:`61`"
+msgstr ""
+
+#: ../../CHANGES.rst:583
+msgid "apparmor slapd configuration instructions in CONTRIBUTING.rst :pr:`66`"
+msgstr ""
+
+#: ../../CHANGES.rst:584
+msgid "``preferredLanguage`` attribute support. :pr:`75`"
+msgstr ""
+
+#: ../../CHANGES.rst:589
+msgid ""
+"Replaced the use of the deprecated `FLASK_ENV` environment variable by "
+"`FLASK_DEBUG`."
+msgstr ""
+
+#: ../../CHANGES.rst:591
+msgid ""
+"Dynamically generate the server metadata. Users won't have to copy and "
+"manually edit ``oauth-authorizationserver.json`` and ``openid-"
+"configuration.json``. :pr:`71`"
+msgstr ""
+
+#: ../../CHANGES.rst:594
+msgid "The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`"
+msgstr ""
+
+#: ../../CHANGES.rst:595
+msgid "The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`"
+msgstr ""
+
+#: ../../CHANGES.rst:598
+msgid "[0.0.12] - 2022-10-24"
+msgstr ""
+
+#: ../../CHANGES.rst:603
+msgid "Basic WebFinger endpoint. :pr:`59`"
+msgstr ""
+
+#: ../../CHANGES.rst:604
+msgid "Bumped to FomanticUI 2.9.0 00ffffee"
+msgstr ""
+
+#: ../../CHANGES.rst:605
+msgid "Implemented Dynamic Client Registration :pr:`60`"
+msgstr ""
+
+#: ../../CHANGES.rst:608
+msgid "[0.0.11] - 2022-08-11"
+msgstr ""
+
+#: ../../CHANGES.rst:613
+msgid "Default theme has a dark variant. :pr:`57`"
+msgstr ""
+
+#: ../../CHANGES.rst:618
+msgid "Fixed missing ``canaille`` binary. :pr:`58`"
+msgstr ""
+
+#: ../../CHANGES.rst:621
+msgid "[0.0.10] - 2022-07-07"
+msgstr ""
+
+#: ../../CHANGES.rst:626
+msgid "Online demo. :pr:`55`"
+msgstr ""
+
+#: ../../CHANGES.rst:627
+msgid "The consent page was displaying scopes not supported by clients. :pr:`56`"
+msgstr ""
+
+#: ../../CHANGES.rst:628
+msgid "Fixed end session when user are already disconnected."
+msgstr ""
+
+#: ../../CHANGES.rst:631
+msgid "[0.0.9] - 2022-06-05"
+msgstr ""
+
+#: ../../CHANGES.rst:636
+msgid ""
+"``DISABLE_PASSWORD_RESET`` configuration option to disable password "
+"recovery. :pr:`46`"
+msgstr ""
+
+#: ../../CHANGES.rst:637
+msgid "``edit_self`` ACL permission to control user self edition. :pr:`47`"
+msgstr ""
+
+#: ../../CHANGES.rst:638
+msgid "Implemented RP-initiated logout :pr:`54`"
+msgstr ""
+
+#: ../../CHANGES.rst:643
+msgid "Bumped to authlib 1 :pr:`48`"
+msgstr ""
+
+#: ../../CHANGES.rst:644
+msgid "documentation improvements :pr:`50`"
+msgstr ""
+
+#: ../../CHANGES.rst:645
+msgid "use poetry instead of setuptools :pr:`51`"
+msgstr ""
+
+#: ../../CHANGES.rst:646
+msgid "additional nonce tests :pr:`52`"
+msgstr ""
+
+#: ../../CHANGES.rst:650
+msgid "``HIDE_INVALID_LOGIN`` behavior and default value."
+msgstr ""
+
+#: ../../CHANGES.rst:651
+msgid "mo files are not versioned anymore :pr:`49` :pr:`53`"
+msgstr ""
+
+#: ../../CHANGES.rst:654
+msgid "[0.0.8] - 2022-03-15"
+msgstr ""
+
+#: ../../CHANGES.rst:659
+msgid "Fixed dependencies"
+msgstr ""
+
+#: ../../CHANGES.rst:662
+msgid "[0.0.7] - 2022-03-15"
+msgstr ""
+
+#: ../../CHANGES.rst:667
+msgid "Fixed spaces and escaped special char in ldap cn/dn :pr:`43`"
+msgstr ""
+
+#: ../../CHANGES.rst:670
+msgid "[0.0.6] - 2022-03-08"
+msgstr ""
+
+#: ../../CHANGES.rst:675
+msgid "Access token are JWT. :pr:`38`"
+msgstr ""
+
+#: ../../CHANGES.rst:680
+msgid "Default groups on invitations :pr:`41`"
+msgstr ""
+
+#: ../../CHANGES.rst:681
+msgid "Schemas are shipped within the canaille package :pr:`42`"
+msgstr ""
+
+#: ../../CHANGES.rst:684
+msgid "[0.0.5] - 2022-02-17"
+msgstr ""
+
+#: ../../CHANGES.rst:689
+msgid "LDAP model objects have new identifiers :pr:`37`"
+msgstr ""
+
+#: ../../CHANGES.rst:694
+msgid "Admin menu dropdown display :pr:`39`"
+msgstr ""
+
+#: ../../CHANGES.rst:695
+msgid "`GROUP_ID_ATTRIBUTE` configuration typo :pr:`40`"
+msgstr ""
+
+#: ../../CHANGES.rst:698
+msgid "[0.0.4] - 2022-02-16"
+msgstr ""
+
+#: ../../CHANGES.rst:703
+msgid "Client preauthorization :pr:`11`"
+msgstr ""
+
+#: ../../CHANGES.rst:704
+msgid "LDAP permissions check with the check command :pr:`12`"
+msgstr ""
+
+#: ../../CHANGES.rst:705
+msgid ""
+"Update consents when a scope required is larger than the scope of an "
+"already given consent :pr:`13`"
+msgstr ""
+
+#: ../../CHANGES.rst:707
+msgid "Theme customization :pr:`15`"
+msgstr ""
+
+#: ../../CHANGES.rst:708
+msgid "Logging configuration :pr:`16`"
+msgstr ""
+
+#: ../../CHANGES.rst:709
+msgid "Installation command :pr:`17`"
+msgstr ""
+
+#: ../../CHANGES.rst:710
+msgid "Invitation links :pr:`18`"
+msgstr ""
+
+#: ../../CHANGES.rst:711
+msgid "Advanced permissions :pr:`20`"
+msgstr ""
+
+#: ../../CHANGES.rst:712
+msgid "An option to not use OIDC :pr:`23`"
+msgstr ""
+
+#: ../../CHANGES.rst:713
+msgid "Disable some features when no SMTP server is configured :pr:`24`"
+msgstr ""
+
+#: ../../CHANGES.rst:714
+msgid ""
+"Login placeholder dynamically generated according to the configuration "
+":pr:`25`"
+msgstr ""
+
+#: ../../CHANGES.rst:715
+msgid "Added an option to tune object IDs :pr:`26`"
+msgstr ""
+
+#: ../../CHANGES.rst:716
+msgid "Avatar support :pr:`27`"
+msgstr ""
+
+#: ../../CHANGES.rst:717
+msgid "Dynamical and configurable JWT claims :pr:`28`"
+msgstr ""
+
+#: ../../CHANGES.rst:718
+msgid "UI improvements :pr:`29`"
+msgstr ""
+
+#: ../../CHANGES.rst:719
+msgid "Invitation links expiration :pr:`30`"
+msgstr ""
+
+#: ../../CHANGES.rst:720
+msgid "Invitees can choose their IDs :pr:`31`"
+msgstr ""
+
+#: ../../CHANGES.rst:721
+msgid "LDAP backend refactoring :pr:`35`"
+msgstr ""
+
+#: ../../CHANGES.rst:726
+msgid "Fixed ghost members in a group :pr:`14`"
+msgstr ""
+
+#: ../../CHANGES.rst:727
+msgid "Fixed email sender names :pr:`19`"
+msgstr ""
+
+#: ../../CHANGES.rst:728
+msgid "Fixed filter being not escaped :pr:`21`"
+msgstr ""
+
+#: ../../CHANGES.rst:729
+msgid "Demo script good practices :pr:`32`"
+msgstr ""
+
+#: ../../CHANGES.rst:730
+msgid "Binary path for Debian :pr:`33`"
+msgstr ""
+
+#: ../../CHANGES.rst:731
+msgid ""
+"Last name was not mandatory in the forms while this was mandatory in the "
+"LDAP server :pr:`34`"
+msgstr ""
+
+#: ../../CHANGES.rst:733
+msgid "Spelling typos :pr:`36`"
+msgstr ""
+
+#: ../../CHANGES.rst:736
+msgid "[0.0.3] - 2021-10-13"
+msgstr ""
+
+#: ../../CHANGES.rst:741
+msgid "Two-steps sign-in :issue:`49`"
+msgstr ""
+
+#: ../../CHANGES.rst:742
+msgid "Tokens can have several audiences. :issue:`62` :pr:`9`"
+msgstr ""
+
+#: ../../CHANGES.rst:743
+msgid "Configuration check command. :issue:`66` :pr:`8`"
+msgstr ""
+
+#: ../../CHANGES.rst:744
+msgid "Groups management. :issue:`12` :pr:`6`"
+msgstr ""
+
+#: ../../CHANGES.rst:749
+msgid "Introspection access bugfix. :issue:`63` :pr:`10`"
+msgstr ""
+
+#: ../../CHANGES.rst:750
+msgid "Introspection sub claim. :issue:`64` :pr:`7`"
+msgstr ""
+
+#: ../../CHANGES.rst:753
+msgid "[0.0.2] - 2021-01-06"
+msgstr ""
+
+#: ../../CHANGES.rst:758
+msgid "Login page is responsive. :issue:`1`"
+msgstr ""
+
+#: ../../CHANGES.rst:759
+msgid "Adapt mobile keyboards to login page fields. :issue:`2`"
+msgstr ""
+
+#: ../../CHANGES.rst:760
+msgid "Password recovery interface. :issue:`3`"
+msgstr ""
+
+#: ../../CHANGES.rst:761
+msgid "User profile interface. :issue:`4`"
+msgstr ""
+
+#: ../../CHANGES.rst:762
+msgid "Renamed the project *canaille*. :issue:`5`"
+msgstr ""
+
+#: ../../CHANGES.rst:763
+msgid "Command to remove old tokens. :issue:`17`"
+msgstr ""
+
+#: ../../CHANGES.rst:764
+msgid "Improved password recovery email. :issue:`14` :issue:`26`"
+msgstr ""
+
+#: ../../CHANGES.rst:765
+msgid ""
+"Use flask `SERVER_NAME` configuration variable instead of `URL`. "
+":issue:`24`"
+msgstr ""
+
+#: ../../CHANGES.rst:766
+msgid "Improved consents page. :issue:`27`"
+msgstr ""
+
+#: ../../CHANGES.rst:767
+msgid "Admin user page. :issue:`8`"
+msgstr ""
+
+#: ../../CHANGES.rst:768
+msgid "Project logo. :pr:`29`"
+msgstr ""
+
+#: ../../CHANGES.rst:769
+msgid ""
+"User account self-deletion can be enabled in the configuration with "
+"`SELF_DELETION`. :issue:`35`"
+msgstr ""
+
+#: ../../CHANGES.rst:770
+msgid "Admins can impersonate users. :issue:`39`"
+msgstr ""
+
+#: ../../CHANGES.rst:771
+msgid "Forgotten page UX improvement. :pr:`43`"
+msgstr ""
+
+#: ../../CHANGES.rst:772
+msgid "Admins can remove clients. :pr:`45`"
+msgstr ""
+
+#: ../../CHANGES.rst:773
+msgid ""
+"Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know "
+"if the login he attempt to sign in with exists or not. :pr:`48`"
+msgstr ""
+
+#: ../../CHANGES.rst:775
+msgid "Password initialization mail. :pr:`51`"
+msgstr ""
+
+#: ../../CHANGES.rst:780
+msgid "Form translations. :issue:`19` :issue:`23`"
+msgstr ""
+
+#: ../../CHANGES.rst:781
+msgid "Avoid to use Google Fonts. :issue:`21`"
+msgstr ""
+
+#: ../../CHANGES.rst:786
+msgid "'My tokens' page. :issue:`22`"
+msgstr ""
+
+#: ../../CHANGES.rst:789
+msgid "[0.0.1] - 2020-10-21"
+msgstr ""
+
+#: ../../CHANGES.rst:794
+msgid "Initial release."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:2
+msgid "Contributions"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:4
+msgid "Contributions are welcome!"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:6
+msgid ""
+"The repository is hosted at `gitlab.com/yaal/canaille "
+"<https://gitlab.com/yaal/canaille>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:9
+msgid "Discuss"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:11
+msgid ""
+"If you want to implement a feature or a bugfix, please start by "
+"discussing it with us on the `bugtracker "
+"<https://gitlab.com/yaal/canaille/-/issues>`_ or the `matrix room "
+"<https://matrix.to/#/#canaille-discuss:yaal.coop>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:16
+msgid "Development environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:18
+msgid "You can either run the demo locally or with Docker."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:20
+msgid ""
+"The only tool required for local development is `uv`. Make sure to have "
+"uv `installed on your computer <https://docs.astral.sh/uv/getting-"
+"started/installation/>`_ to be able to hack Canaille."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:24
+msgid ""
+"Initialize your development environment with: - ``uv sync --extra front "
+"--extra oidc`` to have a minimal working development environment. This "
+"will allow you to run the tests with ``uv pytest --backend memory``. - "
+"``uv sync --extra front --extra oidc --extra sqlite`` to have a minimal "
+"working development environment with SQLite backend support. This will "
+"allow you to run the tests with ``uv pytest --backend sql``. - ``uv sync "
+"--extra front --extra oidc --extra ldap`` to have a minimal working "
+"development environment with LDAP backend support. This will allow you to"
+" run the tests with ``uv pytest --backend ldap``. - ``uv sync --all-"
+"extras`` if you want to have everything at your fingertips. Note that it "
+"may compile some Python dependencies that would expect things to be "
+"installed on your system; Some dependencies of Canaille might need to be "
+"compiled, so you probably want to check that `GCC` and `cargo` are "
+"available on your computer."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:31
+msgid "After having launched the demo you have access to several services:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:33
+msgid "A canaille server at `localhost:5000 <http://localhost:5000>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:34
+msgid "A dummy client at `localhost:5001 <http://localhost:5001>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:35
+msgid "Another dummy client at `localhost:5002 <http://localhost:5002>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:37
+msgid "The canaille server has some default users:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:39
+msgid "A regular user which login and password are **user**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:40
+msgid "A moderator user which login and password are **moderator**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:41
+msgid "An admin user which admin and password are **admin**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:42
+msgid ""
+"A new user which login is **james**. This user has no password yet, and "
+"his first attempt to log-in would result in sending a password "
+"initialization email (if a smtp server is configured)."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:47 ../../doc/development/specifications.rst:62
+msgid "Backends"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:49
+msgid "Canaille comes with several backends:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:51
+msgid "a lightweight test purpose `memory` backend"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:52
+msgid "a `sql` backend, based on sqlalchemy"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:53
+msgid "a production-ready `LDAP` backend"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:56
+msgid "Docker environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:58
+msgid ""
+"If you want to develop with docker, your browser needs to be able to "
+"reach the `canaille` container. The docker-compose file exposes the right"
+" ports, but front requests are from outside the docker network: the "
+"`canaille` url that makes sense for docker, points nowhere from your "
+"browser. As exposed ports are on `localhost`, you need to tell your "
+"computer that `canaille` url means `localhost`."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:63
+msgid "To do that, you can add the following line to your `/etc/hosts`:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:69
+msgid "To launch containers, use:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:84
+msgid "Local environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:98
+msgid ""
+"If you want to run the demo locally with the LDAP backend, you need to "
+"have `OpenLDAP <https://www.openldap.org/>`_ installed on your system. It"
+" is generally shipped under the ``slapd`` or ``openldap`` package name."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:103
+msgid ""
+"On Debian or Ubuntu systems, the OpenLDAP `slapd` binary usage might be "
+"restricted by apparmor, and thus makes the tests and the demo fail. This "
+"can be mitigated by removing apparmor restrictions on `slapd`."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:113
+msgid "Populate the database"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:115
+msgid ""
+"The demo database comes populated with some random users and groups. If "
+"you need more, you can generate users and groups with the ``populate`` "
+"command:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:126
+msgid ""
+"Adapt to use either the `ldap` or the `sql` configuration file. Note that"
+" this will not work with the memory backend."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:129
+msgid "Unit tests"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:131
+msgid ""
+"To run the tests, you just can run `uv run pytest` and/or `uv run tox` to"
+" test all the supported python environments. Everything must be green "
+"before patches get merged."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:134
+msgid ""
+"To test a specific backend you can pass ``--backend memory``, ``--backend"
+" sql`` or ``--backend ldap`` to pytest and tox."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:136
+msgid ""
+"The test coverage is 100%, patches won't be accepted if not entirely "
+"covered. You can check the test coverage with ``uv run pytest --cov "
+"--cov-report=html`` or ``uv run tox -e coverage -- --cov-report=html``. "
+"You can check the HTML coverage report in the newly created `htmlcov` "
+"directory."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:141
+msgid "Code style"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:143
+msgid ""
+"We use `ruff <https://docs.astral.sh/ruff/>`_ along with other tools to "
+"format our code. Please run ``uv run tox -e style`` on your patches "
+"before submitting them. In order to perform a style check and correction "
+"at each commit you can use our `pre-commit <https://pre-commit.com/>`_ "
+"configuration with ``uv run pre-commit install``."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:149
+msgid "Front"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:151
+msgid ""
+"The interface is built upon the `Fomantic UI <https://fomantic-ui.com/>`_"
+" CSS framework. The dynamical parts of the interface use `htmx "
+"<https://htmx.org/>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:154
+msgid ""
+"Using Javascript in the interface is tolerated, but the whole website "
+"MUST be accessible for browsers without Javascript support, and without "
+"any feature loss."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:156
+msgid ""
+"Because of Fomantic UI we have a dependency to jQuery, however new "
+"contributions should not depend on jQuery at all. See the `related issue "
+"<https://gitlab.com/yaal/canaille/-/issues/130>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:161
+msgid "Translations"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:1
+msgid ""
+"Translations are done with `Weblate "
+"<https://hosted.weblate.org/projects/canaille/canaille>`_."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:3
+msgid ""
+"The following commands are there as documentation, only the message "
+"extraction is needed for contributors. All the other steps are "
+"automatically done with Weblate."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:8
+msgid "Message extraction"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:10
+msgid ""
+"After you have edited translatable strings, you should extract the "
+"messages with:"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:17
+msgid "Language addition"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:19
+msgid ""
+"You can add a new language manually with the following command, however "
+"this should not be needed as Weblate takes car of this:"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:26
+msgid "Catalog update"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:28
+msgid ""
+"You can update the catalogs with the following command, however this "
+"should not be needed as Weblate automatically update language catalogs "
+"when it detects new strings or when someone translate some existing "
+"strings. Weblate pushes happen every 24h."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:36
+msgid "Catalog compilation"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:38
+msgid ""
+"You can compile the catalogs with the following command, however this "
+"should not be needed as catalogs are automatically compiled before "
+"running the unit tests, before launching the demo and before compiling "
+"the Canaille python package:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:166
+msgid "Documentation"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:168
+msgid "The documentation is generated when the tests run:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:174
+msgid ""
+"You can also run sphinx by hand, that should be faster since it avoids "
+"the tox environment initialization:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:180
+msgid "The generated documentation is located at ``build/sphinx/html``."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:183
+msgid "Publish a new release"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:185
+msgid ""
+"Check that dependencies are up to date with ``uv sync --all-extras "
+"--upgrade`` and update dependencies accordingly in separated commits;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:186
+msgid ""
+"Check that tests are still green for every supported python version, and "
+"that coverage is still at 100%, by running ``uv run tox``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:187
+msgid ""
+"Check that the demo environments are still working, both the local and "
+"the Docker one;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:188
+msgid ""
+"Check that the :ref:`development/changelog:Release notes` section is "
+"correctly filled up;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:189
+msgid "Increase the version number in ``pyproject.toml``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:190
+msgid "Commit with ``git commit``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:191
+msgid "Build with ``uv build``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:192
+msgid ""
+"Publish on test PyPI with ``uv publish --publish-url "
+"https://test.pypi.org/legacy/``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:193
+msgid ""
+"Install the test package somewhere with ``pip install --extra-index-url "
+"https://test.pypi.org/simple --upgrade canaille``. Check that everything "
+"looks fine;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:194
+msgid "Publish on production PyPI ``uv publish``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:195
+msgid "Tag the commit with ``git tag XX.YY.ZZ``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:196
+msgid ""
+"Push the release commit and the new tag on the repository with ``git push"
+" --tags``."
+msgstr ""
+
+#: ../../doc/development/index.rst:2
+msgid "Development"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:2
+msgid "Specifications"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:4
+msgid ""
+"This page details which specifications are implemented in Canaille, and "
+"compares Canaille with other well-known identity providers."
+msgstr ""
+
+#: ../../doc/development/specifications.rst:7
+msgid "State of the specs in Canaille"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:10
+msgid "OAuth2"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:12
+msgid "✅ `RFC6749: OAuth 2.0 Framework <https://tools.ietf.org/html/rfc6749>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:13
+msgid ""
+"✅ `RFC6750: OAuth 2.0 Bearer Tokens "
+"<https://tools.ietf.org/html/rfc6750>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:14
+msgid ""
+"✅ `RFC7009: OAuth 2.0 Token Revocation "
+"<https://tools.ietf.org/html/rfc7009>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:15
+msgid ""
+"❌ `RFC7523: JWT Profile for OAuth 2.0 Client Authentication and "
+"Authorization Grants <https://tools.ietf.org/html/rfc7523>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:16
+msgid ""
+"✅ `RFC7591: OAuth 2.0 Dynamic Client Registration Protocol "
+"<https://tools.ietf.org/html/rfc7591>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:17
+msgid ""
+"✅ `RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol "
+"<https://tools.ietf.org/html/rfc7592>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:18
+msgid ""
+"✅ `RFC7636: Proof Key for Code Exchange by OAuth Public Clients "
+"<https://tools.ietf.org/html/rfc7636>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:19
+msgid ""
+"✅ `RFC7662: OAuth 2.0 Token Introspection "
+"<https://tools.ietf.org/html/rfc7662>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:20
+msgid ""
+"✅ `RFC8414: OAuth 2.0 Authorization Server Metadata "
+"<https://tools.ietf.org/html/rfc8414>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:21
+msgid ""
+"❌ `RFC8428: OAuth 2.0 Device Authorization Grant "
+"<https://tools.ietf.org/html/rfc8428>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:22
+msgid ""
+"❌ `RFC8693: OAuth 2.0 Token Exchange "
+"<https://tools.ietf.org/html/rfc8693>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:23
+msgid ""
+"❌ `RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-"
+"Bound Access Tokens <https://tools.ietf.org/html/rfc8705>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:24
+msgid ""
+"❌ `RFC8707: Resource Indicators for OAuth 2.0 "
+"<https://tools.ietf.org/html/rfc8707>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:25
+msgid ""
+"❌ `RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens "
+"<https://tools.ietf.org/html/rfc9068>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:26
+msgid ""
+"❌ `RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) "
+"<https://tools.ietf.org/html/rfc9101>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:27
+msgid ""
+"❌ `RFC9126: OAuth 2.0 Pushed Authorization Requests "
+"<https://tools.ietf.org/html/rfc9126>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:28
+msgid ""
+"❌ `RFC9207: OAuth 2.0 Authorization Server Issuer Identification "
+"<https://tools.ietf.org/html/rfc9207>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:29
+msgid ""
+"❌ `RFC9394: OAuth 2.0 Rich Authorization Requests <https://www.rfc-"
+"editor.org/rfc/rfc9396.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:30
+msgid ""
+"❌ `OAuth2 Multiple Response Types <https://openid.net/specs/oauth-v2"
+"-multiple-response-types-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:31
+msgid ""
+"❌ `OAuth2 Form Post Response Mode <https://openid.net/specs/oauth-v2"
+"-form-post-response-mode-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:34
+msgid "OpenID Connect"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:36
+msgid ""
+"✅ `OpenID Connect Core <https://openid.net/specs/openid-connect-"
+"core-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:37
+msgid ""
+"✅ `OpenID Connect Discovery <https://openid.net/specs/openid-connect-"
+"discovery-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:38
+msgid ""
+"✅ `OpenID Connect Dynamic Client Registration <https://openid.net/specs"
+"/openid-connect-registration-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:39
+msgid ""
+"✅ `OpenID Connect RP Initiated Logout <https://openid.net/specs/openid-"
+"connect-rpinitiated-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:40
+msgid ""
+"❌ `OpenID Connect Session Management <https://openid.net/specs/openid-"
+"connect-session-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:41
+msgid ""
+"❌ `OpenID Connect Front Channel Logout <https://openid.net/specs/openid-"
+"connect-frontchannel-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:42
+msgid ""
+"❌ `OpenID Connect Back Channel Logout <https://openid.net/specs/openid-"
+"connect-backchannel-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:43
+msgid ""
+"❌ `OpenID Connect Back Channel Authentication Flow "
+"<https://openid.net/specs/openid-client-initiated-backchannel-"
+"authentication-core-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:44
+msgid ""
+"❌ `OpenID Connect Core Error Code unmet_authentication_requirements "
+"<https://openid.net/specs/openid-connect-unmet-authentication-"
+"requirements-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:45
+msgid ""
+"✅ `Initiating User Registration via OpenID Connect 1.0 "
+"<https://openid.net/specs/openid-connect-prompt-create-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:48
+#: ../../doc/development/specifications.rst:64
+msgid "SCIM"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:50
+msgid ""
+"❌ `RFC7642: System for Cross-domain Identity Management: Definitions, "
+"Overview, Concepts, and Requirements <https://www.rfc-"
+"editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:51
+msgid ""
+"❌ `RFC7643: System for Cross-domain Identity Management: Core Schema "
+"<https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:52
+msgid ""
+"❌ `RFC7644: System for Cross-domain Identity Management: Protocol "
+"<https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:55
+msgid "Comparison with other providers"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:57
+msgid "Here is a feature comparison with other OpenID Connect server software."
+msgstr ""
+
+#: ../../doc/development/specifications.rst:59
+msgid ""
+"Canaille voluntarily only implements the OpenID Connect protocol to keep "
+"its codebase simple."
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62
+msgid "Software"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62
+msgid "Project"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62
+msgid "Protocols implementations"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "FLOSS"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "Language"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "LOC"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "OIDC"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "SAML"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "CAS"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "LDAP"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64
+msgid "SQL"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+msgid "Canaille"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+#: ../../doc/development/specifications.rst:68
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:72
+#: ../../doc/development/specifications.rst:74
+#: ../../doc/development/specifications.rst:76
+#: ../../doc/development/specifications.rst:78
+#: ../../doc/development/specifications.rst:80
+#: ../../doc/development/specifications.rst:82
+#: ../../doc/development/specifications.rst:84
+#: ../../doc/development/specifications.rst:86
+#: ../../doc/development/specifications.rst:88
+msgid "✅"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+#: ../../doc/development/specifications.rst:72
+#: ../../doc/development/specifications.rst:74
+msgid "Python"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+msgid "10k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+#: ../../doc/development/specifications.rst:68
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:72
+#: ../../doc/development/specifications.rst:74
+#: ../../doc/development/specifications.rst:76
+#: ../../doc/development/specifications.rst:78
+#: ../../doc/development/specifications.rst:82
+#: ../../doc/development/specifications.rst:86
+#: ../../doc/development/specifications.rst:88
+msgid "❌"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:68
+msgid "`Auth0`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:68
+#: ../../doc/development/specifications.rst:78
+#: ../../doc/development/specifications.rst:80
+#: ../../doc/development/specifications.rst:88
+msgid "❔"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:70
+msgid "`Authelia`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:82
+msgid "Go"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:82
+msgid "50k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:72
+msgid "`Authentic2`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:72
+msgid "65k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:74
+msgid "`Authentik`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:74
+msgid "55k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:76
+msgid "`CAS`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:76
+#: ../../doc/development/specifications.rst:80
+#: ../../doc/development/specifications.rst:84
+msgid "Java"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:76
+msgid "360k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:78
+msgid "`Connect2id`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:80
+msgid "`Gluu`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:82
+msgid "`Hydra`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:84
+msgid "`Keycloak`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:84
+msgid "600k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:86
+msgid "`LemonLDAP`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:86
+msgid "Perl"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:86
+msgid "130k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:88
+msgid "`Okta`_"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/development/changelog.po b/doc/locales/fr_FR/LC_MESSAGES/development/changelog.po
new file mode 100644
index 00000000..3a32756c
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/development/changelog.po
@@ -0,0 +1,1392 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/development/changelog.rst:2 b953fe737ee247f583dd6c9212acef59
+msgid "Release notes"
+msgstr ""
+
+#: ../../doc/development/changelog.rst:4 40dbf3144baf490ab44d2f0f499b9b1e
+msgid "All notable changes to this project will be documented in there."
+msgstr ""
+
+#: ../../doc/development/changelog.rst:6 8c832c6f18f54d8bba77166a15f18c63
+msgid ""
+"The format is based on `Keep a Changelog "
+"<https://keepachangelog.com/en/1.0.0/>`_, and this project adheres to "
+"`Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_."
+msgstr ""
+
+#: ../../CHANGES.rst:2 8927273f210040ebbad5c6071b5006c2
+msgid "[0.0.57] - Unreleased"
+msgstr ""
+
+#: ../../CHANGES.rst:5 ../../CHANGES.rst:20 ../../CHANGES.rst:48
+#: ../../CHANGES.rst:67 ../../CHANGES.rst:74 ../../CHANGES.rst:93
+#: ../../CHANGES.rst:151 ../../CHANGES.rst:177 ../../CHANGES.rst:192
+#: ../../CHANGES.rst:241 ../../CHANGES.rst:267 ../../CHANGES.rst:286
+#: ../../CHANGES.rst:294 ../../CHANGES.rst:303 ../../CHANGES.rst:327
+#: ../../CHANGES.rst:360 ../../CHANGES.rst:386 ../../CHANGES.rst:433
+#: ../../CHANGES.rst:461 ../../CHANGES.rst:491 ../../CHANGES.rst:547
+#: ../../CHANGES.rst:580 ../../CHANGES.rst:601 ../../CHANGES.rst:611
+#: ../../CHANGES.rst:634 ../../CHANGES.rst:701 ../../CHANGES.rst:739
+#: ../../CHANGES.rst:756 ../../CHANGES.rst:792 0125c583218243cd94ca0859ba8e8a3d
+#: 03978660cd4b4c99a7145f52b82bcb27 051b1f61ec4c4fcf87fc2cfa31698a20
+#: 1316ff00915a48649c3b2598062dab41 2b24cede68ea4a7ab37483a2a3a2326d
+#: 2cf6afabae70487db640141c4ceb399e 37617587803b4f4383375d882f13d0a1
+#: 4234c89cb14d4364931015ca8817b153 4e64a471c6214f42a1f4dfe262f2799e
+#: 61a4e6fd45e34a939958f583cef6f230 6338d173211048ff9def65d83a72edfc
+#: 68a4c23f628444bd96f96f57c39e4f23 68eeab3654994232b50ae3785a1490cd
+#: 69df7421a9fd47aa8fee7f2d50d6a474 807b12dc61b2479a9e55dbc1d76660a5
+#: 8982b2425feb472ab36a0c0443eff5e1 8a44683142bb4cb683d38ccf17b25252
+#: 98b317b0afda4de591c4ca2542704cc1 a4835d93fc9548fe86a3cb3e66fe162c
+#: b579d76d8b884c69a1e52a208019f69e bbfe28d18576409cb70b9dc2b2c61bf4
+#: be26a5b28a3546a19e7fc2a9ecbe4eb2 d11739187bc54daa9b6d8400d3590f0b
+#: d22dbd6c80e644d0a9caa4d9ace64ca8 e3956055d373407394d165eae011cb4f
+#: e41dbb00721a434aae8f93d3ff56483e f02e722cf8b942a7b5b49492c72bdaca
+#: f286f296f1704be2a4858bbc27e1d644 fc5801109e2d485ab43e984382ad54a9
+msgid "Added"
+msgstr ""
+
+#: ../../CHANGES.rst:6 49fa6dfcaf764f5bb6ae66591f201aae
+msgid "Password compromission check :issue:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:7 17a4f3bd684041b5a2a1d78b8f01a550
+msgid ""
+":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and "
+":attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK`"
+" and :attr:`~canaille.core.configuration.CoreSettings.API_URL_HIBP` "
+":issue:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:13 a9b16de086804e25b67bf261e9464331
+msgid "[0.0.56] - 2024-11-07"
+msgstr ""
+
+#: ../../CHANGES.rst:16 ../../CHANGES.rst:58 ../../CHANGES.rst:97
+#: ../../CHANGES.rst:105 ../../CHANGES.rst:113 ../../CHANGES.rst:120
+#: ../../CHANGES.rst:127 ../../CHANGES.rst:141 ../../CHANGES.rst:169
+#: ../../CHANGES.rst:182 ../../CHANGES.rst:200 ../../CHANGES.rst:219
+#: ../../CHANGES.rst:227 ../../CHANGES.rst:253 ../../CHANGES.rst:261
+#: ../../CHANGES.rst:281 ../../CHANGES.rst:311 ../../CHANGES.rst:341
+#: ../../CHANGES.rst:349 ../../CHANGES.rst:373 ../../CHANGES.rst:393
+#: ../../CHANGES.rst:415 ../../CHANGES.rst:425 ../../CHANGES.rst:446
+#: ../../CHANGES.rst:454 ../../CHANGES.rst:477 ../../CHANGES.rst:500
+#: ../../CHANGES.rst:512 ../../CHANGES.rst:521 ../../CHANGES.rst:530
+#: ../../CHANGES.rst:539 ../../CHANGES.rst:559 ../../CHANGES.rst:566
+#: ../../CHANGES.rst:616 ../../CHANGES.rst:624 ../../CHANGES.rst:649
+#: ../../CHANGES.rst:657 ../../CHANGES.rst:665 ../../CHANGES.rst:678
+#: ../../CHANGES.rst:692 ../../CHANGES.rst:724 ../../CHANGES.rst:747
+#: ../../CHANGES.rst:778 007bdc1185b34411a9989032def6e734
+#: 0487135731d04a3aa314ceea5915edb4 088404ba603e4fbc8b21a95de856436e
+#: 0b05d07458664d0db19ed122dd1a8192 0e84f3d232f643f09baaeabe9354c988
+#: 10a8191daed24f1cab994480cc9c9967 23667c30b6bd4767a30b60942f8137b5
+#: 2e0624e4b4674f0394070c123f740c4b 3b079330d4e04813a1c0e70e8fb8087a
+#: 3e326d57ad8d40309c34d461a0604e6d 4509ce4b8cb44db596393715aa3a478e
+#: 45f00c89b1664977bdb1233ed3d8507a 4a0617fb05f7460480f47d292565de76
+#: 51b78297b8b54438aec1819d5b22d814 5969c0c275ad40628372a22803af272e
+#: 5997f1b979e24ab09974b1fb77de5768 5a3b4a133f654c048b11d19445c95edb
+#: 661d8dddba944038a5d780784f2d36b6 66897f90441343b8aaf02e321ca1c10f
+#: 673a58291a8543f3a0a894e07b649384 6d138086a0c34278aa90ec27616ca9c0
+#: 6e81fa4e83924342aeae30e444d40ef7 6ed18713552a42ab8852cf086b724461
+#: 6f2945ce69f748e289da0447f96c2be6 722bd0a5308444df85d24f9f18bdcb6c
+#: 83dc0e83285145c980a70e24660a16ea 85173bffae504994a975371bf96abd14
+#: ad7c89feb9d74c29afb5be9b6c9dd959 b325380f6ffc4fa7bf0cdbf98c21af99
+#: b5822b7da25e4772bdfdb1c821c02f6b b6f339b8b13c4b70a96bcc74500018b5
+#: c449dccd3424400d814861607e1c7f99 c6ff05030e01477c836d2c793e19f3e9
+#: ca0e632319334167b644a293ba3e8da4 ccfb26fdc8a242598b4846e994bdccde
+#: d996fb33e1d3452d8aeace6959df8bec dfa42b4e8bea4b7b86ed46c4b91509f9
+#: e096bf03b4174cd4b92005c2a873e444 e5743e4b4647495a998c5dc6674f2d0d
+#: f04e3cbb35c64a0f8eb5e73c81b9cc57 f32bfb230dc54a85bb934cd98c378aea
+#: f77db81c82ff43acb59b840d3a785859 febfb86b50494ae28cc6f18fb3dc1764
+msgid "Fixed"
+msgstr ""
+
+#: ../../CHANGES.rst:17 bdec2ee1aca34f16886bd18ac53a7644
+msgid ""
+"With LDAP backend, updating another user groups could result in a "
+"permission lost for the editor. :issue:`202`"
+msgstr ""
+
+#: ../../CHANGES.rst:21 a83f3ed53e38436f860b2d4e4ee7a14f
+msgid ""
+":attr:`~canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGHT` and"
+" :attr:`~canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGHT` "
+"configuration options :issue:`174`"
+msgstr ""
+
+#: ../../CHANGES.rst:23 9e5501878fd049edb1c68e497d3461e8
+msgid "Password strength visual indicator :issue:`174`"
+msgstr ""
+
+#: ../../CHANGES.rst:24 b8dfb3be3e7d46bbbd5f3e38d79d85a7
+msgid "Security events logs :issue:`177`"
+msgstr ""
+
+#: ../../CHANGES.rst:25 170ac8c915d34af4b0be1427dfb94d4f
+msgid "Support for Python 3.13 :pr:`186`"
+msgstr ""
+
+#: ../../CHANGES.rst:28 ../../CHANGES.rst:41 ../../CHANGES.rst:53
+#: ../../CHANGES.rst:78 ../../CHANGES.rst:86 ../../CHANGES.rst:134
+#: ../../CHANGES.rst:158 ../../CHANGES.rst:210 ../../CHANGES.rst:247
+#: ../../CHANGES.rst:316 ../../CHANGES.rst:332 ../../CHANGES.rst:368
+#: ../../CHANGES.rst:405 ../../CHANGES.rst:440 ../../CHANGES.rst:483
+#: ../../CHANGES.rst:587 ../../CHANGES.rst:641 ../../CHANGES.rst:673
+#: ../../CHANGES.rst:687 05341edb23f9457ba7c9bd3987687183
+#: 1be6e9d75caa4ff0b6813f9ce5c8d5a2 1c6470a4e53e43f48208dc4111a4a2a8
+#: 243b09f2700544c1a75d41efb3b74bb7 2da78da44c2246eb9450e8397233b7d4
+#: 3d4b412e4e7f47e6a0cd06955509f3bd 3da1ec593e1e461ca0b282b90d913862
+#: 4c389d7dc8234fc5b31262a4e181b122 505c97bab1d548e195269d36b421a775
+#: 5b236db2a7de4154bdaf581fd2a24455 8566e6dfaaff4fd18c3e809d9265eba6
+#: 972d637bb6b649778d67f37a6a7a22a6 977e856b0a574461b0e8ed71f4ff4ffb
+#: 9d3405c899ac498b80eb85fa2c4f4e64 a7ccc52ad3ac4b48a8be79849f611cb6
+#: b847d5e65bcf4e93b4ecbe282285a141 e64c59795a944dd28070b1f476581240
+#: e8f91fdee09a49eb8008f27774c7c5c9 f8f0417fc5b848fda8ec71068eda0393
+msgid "Changed"
+msgstr ""
+
+#: ../../CHANGES.rst:29 dd048821567d4e49af30e67f4c47103c
+msgid "Update to HTMX 2.0.3 :pr:`184`"
+msgstr ""
+
+#: ../../CHANGES.rst:30 4084e27a86394f33867d7239e59e6bea
+msgid "Migrate from poetry to uv :pr:`187`"
+msgstr ""
+
+#: ../../CHANGES.rst:31 6a0cf89a022f4f5b8502d927d835951f
+msgid ""
+"The ``sql`` package extra is now split between ``sqlite``, ``postgresql``"
+" and ``mysql``."
+msgstr ""
+
+#: ../../CHANGES.rst:34 ../../CHANGES.rst:378 ../../CHANGES.rst:784
+#: 0ed515407ffc47c780b03fa4519b1ca7 12aaef7c56474ce48f52af0702cd178e
+#: 6656baf3e85f4cfd96e9ed62fac5ae78
+msgid "Removed"
+msgstr ""
+
+#: ../../CHANGES.rst:35 07953d82baf44f0db6cc2278ceaf269b
+msgid "End support for python 3.9. :pr:`179`"
+msgstr ""
+
+#: ../../CHANGES.rst:38 5fa95f977dbd4265865f64d7e42dec39
+msgid "[0.0.55] - 2024-08-30"
+msgstr ""
+
+#: ../../CHANGES.rst:42 e9901054edc44653900edc69f8d6fde7
+msgid "Use poetry-core build backend. :pr:`178`"
+msgstr ""
+
+#: ../../CHANGES.rst:45 f91a035f08fc4076ad9637ccd860abe2
+msgid "[0.0.54] - 2024-07-25"
+msgstr ""
+
+#: ../../CHANGES.rst:49 2a7996d226fd493c826457882881f1f9
+msgid ""
+"Group member removal can be achieved from the group edition page "
+":issue:`192`"
+msgstr ""
+
+#: ../../CHANGES.rst:50 cad21b9996ca424f83f01d8db016371f
+msgid "Model management commands :issue:`117` :issue:`54`"
+msgstr ""
+
+#: ../../CHANGES.rst:54 6b13d83d04764aba9f42401630e68939
+msgid "Model `identifier_attributes` are fixed."
+msgstr ""
+
+#: ../../CHANGES.rst:55 c6040e83c46443189bf69d945b928fd8
+msgid "Bump to htmx 1.9.12 :pr:`172`"
+msgstr ""
+
+#: ../../CHANGES.rst:60 6ca29c12340d4e4494ce6879b489eb28
+msgid "Dark theme colors for better readability"
+msgstr ""
+
+#: ../../CHANGES.rst:61 de4774aefa8c4745809602f22d150c3d
+msgid "Crash for passwordless users at login when no SMTP server was configured."
+msgstr ""
+
+#: ../../CHANGES.rst:64 e3328c3129ea4dc3a1db531991c57d85
+msgid "[0.0.53] - 2024-04-22"
+msgstr ""
+
+#: ../../CHANGES.rst:68 0d7fe02c47ea4e17b0ef72a288440bd1
+msgid "`env_prefix` create_app variable can select the environment var prefix."
+msgstr ""
+
+#: ../../CHANGES.rst:71 8d9f6d0d35374b39ad83bf53251a14cc
+msgid "[0.0.52] - 2024-04-22"
+msgstr ""
+
+#: ../../CHANGES.rst:75 32199e42abcf4b23933031beffe769c0
+msgid "`env_file` create_app variable can customize/disable the .env file"
+msgstr ""
+
+#: ../../CHANGES.rst:79 401111928fc34feb9272364166b105b2
+msgid "Locked users cannot be impersonated anymore."
+msgstr ""
+
+#: ../../CHANGES.rst:80 a214f59b30c04a708ecef89514c7d46f
+msgid "Minimum python requirement is 3.9."
+msgstr ""
+
+#: ../../CHANGES.rst:83 8c14a591bdf84d82ae7aa30bee8d94a9
+msgid "[0.0.51] - 2024-04-09"
+msgstr ""
+
+#: ../../CHANGES.rst:87 4bf1248127bb4cf8af69abf7df835658
+msgid "Display the menu bar on error pages."
+msgstr ""
+
+#: ../../CHANGES.rst:90 541743d76fa64548901b83eabf825abb
+msgid "[0.0.50] - 2024-04-09"
+msgstr ""
+
+#: ../../CHANGES.rst:94 1827e805745947cdbbe7f9e67b90ea71
+msgid "Sign in/out events are logged in :issue:`177`"
+msgstr ""
+
+#: ../../CHANGES.rst:98 167211a08f6c473f97a730a4128a0b38
+msgid "HTMX and JAVASCRIPT configuration settings."
+msgstr ""
+
+#: ../../CHANGES.rst:99 dc4b4e101ae5484a96c92c90424d39e1
+msgid "Compatibility with old sessions IDs."
+msgstr ""
+
+#: ../../CHANGES.rst:102 d0e1de26bdea41f2bc8aeff69bfcf386
+msgid "[0.0.49] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:106 d909a539577b4cddacd4c9abcde77d07
+msgid "LDAP user group removal."
+msgstr ""
+
+#: ../../CHANGES.rst:107 9b033c0897f94c27880b5c1a02065273
+msgid "Display an error message when trying to remove the last user from a group."
+msgstr ""
+
+#: ../../CHANGES.rst:110 9971fac7643f4e67b3f08a955f68ad2f
+msgid "[0.0.48] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:114 bb813e98f6054468a4db1346adef2dbd
+msgid "LDAP objectClass guessing exception."
+msgstr ""
+
+#: ../../CHANGES.rst:117 39656a75074041628c38126830d285a4
+msgid "[0.0.47] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:121 933ff1cc04924324b1f18329f393ce53
+msgid "Lazy permission loading exception."
+msgstr ""
+
+#: ../../CHANGES.rst:124 9f158cb712bf4035a680812921a75956
+msgid "[0.0.46] - 2024-04-08"
+msgstr ""
+
+#: ../../CHANGES.rst:128 091f328b894c425eae39f1e645798d77
+msgid ""
+"Saving an object with the LDAP backend keeps the objectClass un-managed "
+"by Canaille. :pr:`171`"
+msgstr ""
+
+#: ../../CHANGES.rst:131 366a30f8bbb64a55ba03347cf6c1ef14
+msgid "[0.0.45] - 2024-04-04"
+msgstr ""
+
+#: ../../CHANGES.rst:135 212d52d0d8204396ba53062383a6591f
+msgid ""
+"Internal indexation mechanism of "
+":class:`~canaille.backends.memory.model.MemoryModel`"
+msgstr ""
+
+#: ../../CHANGES.rst:138 cdc31795a25b4667b879c856594b3219
+msgid "[0.0.44] - 2024-03-29"
+msgstr ""
+
+#: ../../CHANGES.rst:142 a47297bb8f7a487da4be0f2c6714a508
+msgid "Fix the default LDAP USER_FILTER value"
+msgstr ""
+
+#: ../../CHANGES.rst:143 7b60e45b9a114c7e8b596465811de32c
+msgid "Fix the OIDC feature detection"
+msgstr ""
+
+#: ../../CHANGES.rst:146 6fe2ccbf1a3c4a10a9027058a355a8d5
+msgid "[0.0.43] - 2024-03-29"
+msgstr ""
+
+#: ../../CHANGES.rst:148 23cb4f6afc88442fb78da6cc01b72994
+msgid "🚨Configuration files must be updated.🚨"
+msgstr ""
+
+#: ../../CHANGES.rst:153 eec7be14b382411780febe777f457fc2
+msgid "Add `created` and `last_modified` datetime for all models"
+msgstr ""
+
+#: ../../CHANGES.rst:154 ae31112ef9cb4d99815847b3442fd989
+msgid "Sitemap to the documentation :pr:`169`"
+msgstr ""
+
+#: ../../CHANGES.rst:155 f8a8944ee68c43e0b502f4e4586617c7
+msgid "Configuration management with pydantic-settings :issue:`138` :pr:`170`"
+msgstr ""
+
+#: ../../CHANGES.rst:160 b4db97cf152c42c1a7c0d8e4742ce3bf
+msgid "Use default python logging configuration format. :issue:`188` :pr:`165`"
+msgstr ""
+
+#: ../../CHANGES.rst:161 3bad9d766b934e83904c8453837f4b56
+msgid "Bump to htmx 1.99.11 :pr:`166`"
+msgstr ""
+
+#: ../../CHANGES.rst:162 567c0839f9c34d0c95fcc1f47c6c0959
+msgid ""
+"Use the standard tomllib python module instead of `toml` starting from "
+"python 3.11 :pr:`167`"
+msgstr ""
+
+#: ../../CHANGES.rst:163 d3ecadf15f1348d6a4716f524043cc89
+msgid "Use shibuya as the documentation theme :pr:`168`"
+msgstr ""
+
+#: ../../CHANGES.rst:166 2c46a90c1f994c21956cb9ae180ecfeb
+msgid "[0.0.42] - 2023-12-29"
+msgstr ""
+
+#: ../../CHANGES.rst:171 308f3903de604e6d9236bcf00d769b5e
+msgid "Avoid to fail on imports if ``cryptography`` is missing."
+msgstr ""
+
+#: ../../CHANGES.rst:174 1374d9b0ed624731bf674e0a8833a58c
+msgid "[0.0.41] - 2023-12-25"
+msgstr ""
+
+#: ../../CHANGES.rst:179 14963beceb7246c3a1b6342505f34998
+msgid "OIDC `prompt=create` support. :issue:`185` :pr:`164`"
+msgstr ""
+
+#: ../../CHANGES.rst:184 59218726e94a4c9ebcf6f10efb2f672c
+msgid "Correctly set up Client audience during OIDC dynamic registration."
+msgstr ""
+
+#: ../../CHANGES.rst:185 87ad3206d3fc4aa0b7d50387f402fe4e
+msgid ""
+"``post_logout_redirect_uris`` was ignored during OIDC dynamic "
+"registration."
+msgstr ""
+
+#: ../../CHANGES.rst:186 6e7c346de51b40d3b14644f4e0f3e5fc
+msgid "Group field error prevented the registration form validation."
+msgstr ""
+
+#: ../../CHANGES.rst:189 d6c7e10243be4b5b915e75f025dcb544
+msgid "[0.0.40] - 2023-12-22"
+msgstr ""
+
+#: ../../CHANGES.rst:194 913ef14cd29843479a065fde1fdf056b
+msgid "``THEME`` can be a relative path"
+msgstr ""
+
+#: ../../CHANGES.rst:197 ec358936809d4d4ca1ea37efc4046638
+msgid "[0.0.39] - 2023-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:202 d5ba2f04fb3244328141f0d34e78a83a
+msgid "Crash when no ACL were defined"
+msgstr ""
+
+#: ../../CHANGES.rst:203 d923912320f643df9861438d83f87a33
+msgid "OIDC Userinfo endpoint is also available in POST"
+msgstr ""
+
+#: ../../CHANGES.rst:204 0c6600fdec4f4d90ad959a714191eed6
+msgid "Fix redirection after password reset :issue:`159`"
+msgstr ""
+
+#: ../../CHANGES.rst:207 54dae082411a462ab86f892e84ec7d03
+msgid "[0.0.38] - 2023-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:212 35a215464c9147118d8e2612056f114c
+msgid "Convert all the png in webp. :pr:`162`"
+msgstr ""
+
+#: ../../CHANGES.rst:213 b69015e35a2d4e32bbb0aeb7c5deb4b5
+msgid "Update to flask 3 :issue:`161` :pr:`163`"
+msgstr ""
+
+#: ../../CHANGES.rst:216 cf38d0baf7384aa1bfc0a593041f3cc5
+msgid "[0.0.37] - 2023-12-01"
+msgstr ""
+
+#: ../../CHANGES.rst:221 6013f95269f842eeab177eefbf7dc22b
+msgid "Handle 4xx and 5xx error codes with htmx. :issue:`171` :pr:`161`"
+msgstr ""
+
+#: ../../CHANGES.rst:224 654f86051b784d3cb6a50601907474cd
+msgid "[0.0.36] - 2023-12-01"
+msgstr ""
+
+#: ../../CHANGES.rst:229 fbdeab944a24477486321320b8632ad0
+msgid "Avoid crashing when LDAP groups references unexisting users."
+msgstr ""
+
+#: ../../CHANGES.rst:230 89a4bf4e5f9546fe90560bc01f1b3114
+msgid ""
+"Password reset and initialization mails were only sent to the preferred "
+"user email address."
+msgstr ""
+
+#: ../../CHANGES.rst:232 ac5160b2673e4323b53eef77fa3c6377
+msgid ""
+"Password reset and initialization mails were not sent at all the user "
+"addresses if one email address could not be reached."
+msgstr ""
+
+#: ../../CHANGES.rst:234 bfe919707374471c8528f789f95f841d
+msgid "Password comparison was too permissive on login."
+msgstr ""
+
+#: ../../CHANGES.rst:235 91332f76075d4bcbabfacad3a0e06ac3
+msgid "Encrypt passwords in the SQL backend."
+msgstr ""
+
+#: ../../CHANGES.rst:238 515b41fe279c4d169d8945be66a840bc
+msgid "[0.0.35] - 2023-11-25"
+msgstr ""
+
+#: ../../CHANGES.rst:243 cd9cc2a6d6b54601bd5083fd4a140050
+msgid ""
+"Refresh token grant supports other client authentication methods. "
+":pr:`157`"
+msgstr ""
+
+#: ../../CHANGES.rst:244 5b7437d731d54a5999d354a8be5489ae
+msgid "Implement a SQLAlchemy backend. :issue:`30` :pr:`158`"
+msgstr ""
+
+#: ../../CHANGES.rst:249 f0bf9b769b7b43ddbe427e8d5f28e6ae
+msgid "Model attributes cardinality is closer to SCIM model. :pr:`155`"
+msgstr ""
+
+#: ../../CHANGES.rst:250 1ce41231913044f384a9de0f7f96ae22
+msgid "Bump to htmx 1.9.9 :pr:`159`"
+msgstr ""
+
+#: ../../CHANGES.rst:255 8351661b912f48e39a72cb98a9068ca5
+msgid "Disable HTMX boosting during the OIDC dance. :pr:`160`"
+msgstr ""
+
+#: ../../CHANGES.rst:258 ace5739415d846d7b00e6c8946636080
+msgid "[0.0.34] - 2023-10-02"
+msgstr ""
+
+#: ../../CHANGES.rst:263 276aa40d06374cd6b9c554b30f1ec3bf
+msgid ""
+"Canaille installations without account lockabilty could not delete users."
+" :pr:`153`"
+msgstr ""
+
+#: ../../CHANGES.rst:269 f190522602804127b47b276cea07d314
+msgid ""
+"If users register or authenticate during a OAuth Authorization phase, "
+"they get redirected back to that page afterwards. :issue:`168` :pr:`151`"
+msgstr ""
+
+#: ../../CHANGES.rst:272 d94a556a500446e69f5e7daed22812be
+msgid "flask-babel and pytz are now part of the `front` extras"
+msgstr ""
+
+#: ../../CHANGES.rst:273 364cb001baac408a9b89782a2161aebe
+msgid "Bump to fomantic-ui 2.9.3 :pr:`152`"
+msgstr ""
+
+#: ../../CHANGES.rst:274 9810cae84305458a8566e2fa477e3d0a
+msgid "Bump to htmx 1.9.6 :pr:`154`"
+msgstr ""
+
+#: ../../CHANGES.rst:275 86b075164fe24f9487437fec98102a80
+msgid "Add support for python 3.12 :pr:`155`"
+msgstr ""
+
+#: ../../CHANGES.rst:278 a08b8fa3e5bb4635a8b9dde8f1394fed
+msgid "[0.0.33] - 2023-08-26"
+msgstr ""
+
+#: ../../CHANGES.rst:283 d004ef51361b4f239aad47bff5e3ac41
+msgid "OIDC jwks endpoint do not return empty kid claim"
+msgstr ""
+
+#: ../../CHANGES.rst:288 923d07875a1d4848b57c2d9586ba992e
+msgid "Documentation details on the canaille models."
+msgstr ""
+
+#: ../../CHANGES.rst:291 92fa88da8da64ac0bea4e50961ee140c
+msgid "[0.0.32] - 2023-08-17"
+msgstr ""
+
+#: ../../CHANGES.rst:296 e209c6d3a5bb487a8a0b76258d6e9d60
+msgid "Additional inmemory backend :issue:`30` :pr:`149`"
+msgstr ""
+
+#: ../../CHANGES.rst:297 bc4fbd86ddbc4b3880ea246fef1a0163
+msgid "Installation extras :issue:`167` :pr:`150`"
+msgstr ""
+
+#: ../../CHANGES.rst:300 b9fa32026c05490e9c73fc5297f6ed61
+msgid "[0.0.31] - 2023-08-15"
+msgstr ""
+
+#: ../../CHANGES.rst:305 94f1df8be04f4046b0fa3ca7651f6b8e
+msgid "Configuration option to disable the forced usage of OIDC nonce :pr:`143`"
+msgstr ""
+
+#: ../../CHANGES.rst:306 42fff4ae7f0349908683a9d511805869
+msgid "Validate phone numbers with a regex :pr:`146`"
+msgstr ""
+
+#: ../../CHANGES.rst:307 3ed81e72ff7f4c409698c35ec91ad04d
+msgid "Email verification :issue:`41` :pr:`147`"
+msgstr ""
+
+#: ../../CHANGES.rst:308 774f017b2c314cec9685f6c85ce32108
+msgid "Account registration :issue:`55` :pr:`133` :pr:`148`"
+msgstr ""
+
+#: ../../CHANGES.rst:313 1d413d46cb92419f80e944e6aeb16333
+msgid "The `check` command uses the default configuration values."
+msgstr ""
+
+#: ../../CHANGES.rst:318 d3b68d52c0964a3f9933749c5a209283
+msgid "Modals do not need use javascript at the moment. :issue:`158` :pr:`144`"
+msgstr ""
+
+#: ../../CHANGES.rst:321 a4c908dee0734b9ab3997f415639cf28
+msgid "[0.0.30] - 2023-07-06"
+msgstr ""
+
+#: ../../CHANGES.rst:323 eb07e82a8fb34cebb6351252cd115c2b
+msgid ""
+"🚨Configuration files must be updated.🚨 Check the new format with ``git "
+"diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:329 b4bd90296d1d47af89aba539655f8f82
+msgid "Configuration option to disable javascript :pr:`141`"
+msgstr ""
+
+#: ../../CHANGES.rst:334 72cc852826a247d5b06228a7c185c4b8
+msgid "Configuration ``USER_FILTER`` is parsed with jinja."
+msgstr ""
+
+#: ../../CHANGES.rst:335 ec3775541c444b57b12b74bc5a96742f
+msgid ""
+"Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and "
+"``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``"
+msgstr ""
+
+#: ../../CHANGES.rst:338 94a54df320c1406ab44dab2824fcd953
+msgid "[0.0.29] - 2023-06-30"
+msgstr ""
+
+#: ../../CHANGES.rst:343 8fc4dedd2b2543629eea185f7da6f42c
+msgid "Disabled HTMX boosting on OIDC forms to avoid errors."
+msgstr ""
+
+#: ../../CHANGES.rst:346 2d1c74ad63c0479cb1474fd7db4d0145
+msgid "[0.0.28] - 2023-06-30"
+msgstr ""
+
+#: ../../CHANGES.rst:351 5631fc7eb7914b4bab2b5b6358e1d60a
+msgid "A template variable was misnamed."
+msgstr ""
+
+#: ../../CHANGES.rst:354 b0d8621a55644b419f22af6e811d58bd
+msgid "[0.0.27] - 2023-06-29"
+msgstr ""
+
+#: ../../CHANGES.rst:356 d0683d18c05b457a8cf22f754633d390
+msgid ""
+"🚨Configuration files must be updated.🚨 Check the new format with ``git "
+"diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:362 34f99d193d834b98bbd4817fdb5af20f
+msgid ""
+"Configuration entries can be loaded from files if the entry key has a "
+"*_FILE* suffix and the entry value is the path to the file. :issue:`134` "
+":pr:`134`"
+msgstr ""
+
+#: ../../CHANGES.rst:364 196181fff8114b51a4dd6851dd20b92c
+msgid "Field list support. :issue:`115` :pr:`136`"
+msgstr ""
+
+#: ../../CHANGES.rst:365 0156b03aeb334f1aa8345cb270b48756
+msgid "Pages are boosted with HTMX :issue:`144` :issue:`145` :pr:`137`"
+msgstr ""
+
+#: ../../CHANGES.rst:370 3a74e9a4d66046779063b2592e045285
+msgid "Bump to jquery 3.7.0 :pr:`138`"
+msgstr ""
+
+#: ../../CHANGES.rst:375 35f1d85e4cd9431aa96424bd25208d1b
+msgid "Profile edition when the user RDN was not ``uid`` :issue:`148` :pr:`139`"
+msgstr ""
+
+#: ../../CHANGES.rst:380 8d0199c3a26b454a985ddb1082b5bdb1
+msgid "Stop support for python 3.7 :pr:`131`"
+msgstr ""
+
+#: ../../CHANGES.rst:383 b54fbc48f5394d2ead7b5ec7315ecb80
+msgid "[0.0.26] - 2023-06-03"
+msgstr ""
+
+#: ../../CHANGES.rst:388 85efd66bc5994ce687098c0503095fcf
+msgid ""
+"Implemented account expiration based on OpenLDAP ppolicy overlay. Needs "
+"OpenLDAP 2.5+ :issue:`13` :pr:`118`"
+msgstr ""
+
+#: ../../CHANGES.rst:390 bc2b1d5ea9ab418bb6a8f9c661adebbc
+msgid "Timezone configuration entry. :issue:`137` :pr:`130`"
+msgstr ""
+
+#: ../../CHANGES.rst:395 171f3b2b12524bbc931afd1ea6db3e50
+msgid "Avoid setting ``None`` in JWT claims when they have no value."
+msgstr ""
+
+#: ../../CHANGES.rst:396 79c76be5954045f8b53315616fe21675
+msgid "Display password recovery button on OIDC login page. :pr:`129`"
+msgstr ""
+
+#: ../../CHANGES.rst:399 684dbc7af50949fa898caf64b6f035fe
+msgid "[0.0.25] - 2023-05-05"
+msgstr ""
+
+#: ../../CHANGES.rst:401 39a87402ccbe4dcbb8ec410338e9027c
+msgid ""
+"🚨Configuration files must be updated.🚨 Check the new format with ``git "
+"diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``"
+msgstr ""
+
+#: ../../CHANGES.rst:407 551972a73a66474bb2f9dac1527250cf
+msgid "Renamed user model attributes to match SCIM naming convention. :pr:`123`"
+msgstr ""
+
+#: ../../CHANGES.rst:408 3dc71347819447909160d063b9a7db59
+msgid "Moved OIDC related configuration entries in ``OIDC``"
+msgstr ""
+
+#: ../../CHANGES.rst:409 c1d8c2c5084046f3b7bbe20fdf0557e7
+msgid "Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``"
+msgstr ""
+
+#: ../../CHANGES.rst:410 98f58ffce1014bb49f854597f95ee53e
+msgid "Bumped to htmx 1.9.0 :pr:`124`"
+msgstr ""
+
+#: ../../CHANGES.rst:411 3ce37ba19f54476b9d025653f843ec38
+msgid ""
+"ACL filters are no more LDAP filters but user attribute mappings. "
+":pr:`125`"
+msgstr ""
+
+#: ../../CHANGES.rst:412 2c65421b623544fcbf758af9798b687b
+msgid "Bumped to htmx 1.9.2 :pr:`127`"
+msgstr ""
+
+#: ../../CHANGES.rst:417 a401d129c5994222aec3dc8c7a81fb93
+msgid "``OIDC.JWT.MAPPING`` configuration entry is really optional now."
+msgstr ""
+
+#: ../../CHANGES.rst:418 4d7c22dba82c40a085052828baf362dc
+msgid "Fixed empty model attributes registration :pr:`125`"
+msgstr ""
+
+#: ../../CHANGES.rst:419 b3bc4785f19e487e995763c1e9eac55b
+msgid "Password initialization mails were not correctly sent. :pr:`128`"
+msgstr ""
+
+#: ../../CHANGES.rst:422 ddc0b07069bf449fb65b6c7024a02721
+msgid "[0.0.24] - 2023-04-07"
+msgstr ""
+
+#: ../../CHANGES.rst:427 228ec0acb22e46f999fadf41accac34a
+msgid "Fixed avatar update. :pr:`122`"
+msgstr ""
+
+#: ../../CHANGES.rst:430 9f203b56717c498f8133d8dc6ad78fcc
+msgid "[0.0.23] - 2023-04-05"
+msgstr ""
+
+#: ../../CHANGES.rst:435 6ebaef9c1d5c453a8e02181222d3406d
+msgid "Organization field. :pr:`116`"
+msgstr ""
+
+#: ../../CHANGES.rst:436 4c78eb5a32cc449b8b76683f5d15322b
+msgid "ETag and Last-Modified headers on user photos. :pr:`116`"
+msgstr ""
+
+#: ../../CHANGES.rst:437 6f6ebd50147a4714a4cd6e69e10af4f1
+msgid "Dynamic form validation :pr:`120`"
+msgstr ""
+
+#: ../../CHANGES.rst:442 bfaeeb80d6ad41d5ab7c6eec94aa8d54
+msgid "UX rework. Submenu addition. :pr:`114`"
+msgstr ""
+
+#: ../../CHANGES.rst:443 f9cd9a23ba6b48a0b7416432db4ee2b2
+msgid "Properly handle LDAP date timezones. :pr:`117`"
+msgstr ""
+
+#: ../../CHANGES.rst:448 f3589fa4cdcf490b97bc1d94ad4b25a0
+msgid "CSRF protection on every forms. :pr:`119`"
+msgstr ""
+
+#: ../../CHANGES.rst:451 a8d0b74b5a3a4f83b9588f078b139426
+msgid "[0.0.22] - 2023-03-13"
+msgstr ""
+
+#: ../../CHANGES.rst:455 5dfb6cc3639f4dbabd82bc60c9f27063
+msgid "faker is not imported anymore when the `clean` command is called."
+msgstr ""
+
+#: ../../CHANGES.rst:458 594169630346460cb9a1d47434d5bac1
+msgid "[0.0.21] - 2023-03-12"
+msgstr ""
+
+#: ../../CHANGES.rst:463 b5dc191b86b84829acafdfb7158cbb65
+msgid "Display TOS and policy URI on the consent list page. :pr:`102`"
+msgstr ""
+
+#: ../../CHANGES.rst:464 e7c598b0ebae43babfc3c336fb3fbf71
+msgid "Admin token deletion :pr:`100` :pr:`101`"
+msgstr ""
+
+#: ../../CHANGES.rst:465 e6fcf26480ba43a9a40bb159f8bde348
+msgid "Revoked consents can be restored. :pr:`103`"
+msgstr ""
+
+#: ../../CHANGES.rst:466 95a4a5e40ccc43e09a53e8a1b6276376
+msgid ""
+"Pre-consented clients are displayed in the user consent list, and their "
+"consents can be revoked. :issue:`69` :pr:`103`"
+msgstr ""
+
+#: ../../CHANGES.rst:468 ddff6021ec63429c9c185fcdd93096fd
+msgid ""
+"A ``populate`` command can be used to fill the database with random users"
+" generated with faker. :pr:`105`"
+msgstr ""
+
+#: ../../CHANGES.rst:470 b3b272a9400044eaba8158f0daa0c0d5
+msgid "SMTP SSL support. :pr:`108`"
+msgstr ""
+
+#: ../../CHANGES.rst:471 516eb7a492da400f95527c1419649eb3
+msgid "Server side pagination. :issue:`114` :pr:`111`"
+msgstr ""
+
+#: ../../CHANGES.rst:472 32250cac90ec44618e330a516c33d9c6
+msgid "Department number support. :issue:`129`"
+msgstr ""
+
+#: ../../CHANGES.rst:473 d950f5a579db48909072536d95e91c05
+msgid "Address edition support (but not in the OIDC claims yet) :pr:`112`"
+msgstr ""
+
+#: ../../CHANGES.rst:474 913cf5b4f05047a0bc64bdce3c49255f
+msgid "Title edition support :pr:`113`"
+msgstr ""
+
+#: ../../CHANGES.rst:479 add34f76e10b4a2986005779334f3940
+msgid ""
+"Client deletion also deletes related Consent, Token and AuthorizationCode"
+" objects. :issue:`126` :pr:`98`"
+msgstr ""
+
+#: ../../CHANGES.rst:485 215c34173f74444bb5f793b0fdc2d8bb
+msgid "Removed datatables."
+msgstr ""
+
+#: ../../CHANGES.rst:488 d244ef4a2d2e4fb4b87468dab9041ea2
+msgid "[0.0.20] - 2023-01-28"
+msgstr ""
+
+#: ../../CHANGES.rst:493 6a15bbd7f57949bb828987afe18521ea
+msgid "Spanish translation. :pr:`85` :pr:`88`"
+msgstr ""
+
+#: ../../CHANGES.rst:494 99b1323d25b94195824650d9f1edc2f2
+msgid "Dedicated connectivity test email :pr:`89`"
+msgstr ""
+
+#: ../../CHANGES.rst:495 cd74e88113ea4dd5b1bf52a0c7080260
+msgid "Update to jquery 3.6.3 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:496 61846539bdfa4149b6e2190ae4aeb785
+msgid "Update to fomantic-ui 2.9.1 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:497 25d836c7d71743649502f95c89eb1945
+msgid "Update to datatables 1.13.1 :pr:`90`"
+msgstr ""
+
+#: ../../CHANGES.rst:502 6ac3c75c071a4beda3606aaf0549c422
+msgid "Fix typos and grammar errors. :pr:`84`"
+msgstr ""
+
+#: ../../CHANGES.rst:503 130373c3d7d2468397a52197fe575885
+msgid "Fix wording and punctuations. :pr:`86`"
+msgstr ""
+
+#: ../../CHANGES.rst:504 c891fa84f8344c829d0f12b22cb8c212
+msgid "Fix HTML lang tag :issue:`122` :pr:`87`"
+msgstr ""
+
+#: ../../CHANGES.rst:505 9b760fbb3585400689b68d3bd29f9ff1
+msgid "Automatically trims the HTML translated strings. :pr:`91`"
+msgstr ""
+
+#: ../../CHANGES.rst:506 e652821eae824b4888d8248bb84b5744
+msgid "Fixed dynamic registration scope management. :issue:`123` :pr:`93`"
+msgstr ""
+
+#: ../../CHANGES.rst:509 2e4d232bc1dc4df9b422f293fa659100
+msgid "[0.0.19] - 2023-01-14"
+msgstr ""
+
+#: ../../CHANGES.rst:514 7bda5c915ba9434b809397f5274a6de4
+msgid ""
+"Ensures the token `expires_in` claim and the `access_token` `exp` claim "
+"have the same value. :pr:`83`"
+msgstr ""
+
+#: ../../CHANGES.rst:518 9143cf51154d45f28274bdda680886d4
+msgid "[0.0.18] - 2022-12-28"
+msgstr ""
+
+#: ../../CHANGES.rst:523 83dc2033954045699ea53d7d2263b6c1
+msgid ""
+"OIDC end_session was not returning the ``state`` parameter in the "
+"``post_logout_redirect_uri`` :pr:`82`"
+msgstr ""
+
+#: ../../CHANGES.rst:527 f61656a46d294a8fb91032254181c7e6
+msgid "[0.0.17] - 2022-12-26"
+msgstr ""
+
+#: ../../CHANGES.rst:532 a64cd4f54327461da8921ffb21976acc
+msgid "Fixed group deletion button. :pr:`80`"
+msgstr ""
+
+#: ../../CHANGES.rst:533 9e3667cccf2b44939a318b8ebf7e93b9
+msgid "Fixed post requests in oidc clients views. :pr:`81`"
+msgstr ""
+
+#: ../../CHANGES.rst:536 b91fa7c1ea6a4d01b722548add0639be
+msgid "[0.0.16] - 2022-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:541 6d65191c80314a0e94b4c6c05386e563
+msgid "Fixed LDAP operational attributes handling."
+msgstr ""
+
+#: ../../CHANGES.rst:544 af14f518a45f424ead7a5df098258fc5
+msgid "[0.0.15] - 2022-12-15"
+msgstr ""
+
+#: ../../CHANGES.rst:549 c54ff84eb6e544d1b3a864585e4f2be0
+msgid "User can chose their favourite display name. :pr:`77`"
+msgstr ""
+
+#: ../../CHANGES.rst:550 48da4cb14c5c4dd29fadf0a0d75a0e72
+msgid "Bumped to authlib 1.2. :pr:`78`"
+msgstr ""
+
+#: ../../CHANGES.rst:551 d84bbd0f614e4cd7b8a8a96996f309d9
+msgid ""
+"Implemented RFC7592 OAuth 2.0 Dynamic Client Registration Management "
+"Protocol :pr:`79`"
+msgstr ""
+
+#: ../../CHANGES.rst:553 d15f082b4d544940a563d780f8bc1e08
+msgid "Added ``nonce`` to the ``claims_supported`` server metadata list."
+msgstr ""
+
+#: ../../CHANGES.rst:556 88dc1bd8ca5c4bb8a7f9bd52cdc75830
+msgid "[0.0.14] - 2022-11-29"
+msgstr ""
+
+#: ../../CHANGES.rst:560 6d5d1d529eba4b15a456d64fd13e39a1
+msgid "Fixed translation mo files packaging."
+msgstr ""
+
+#: ../../CHANGES.rst:563 4c1c3a24fd6c4d379d56069dbd99a08b
+msgid "[0.0.13] - 2022-11-21"
+msgstr ""
+
+#: ../../CHANGES.rst:568 61292635681d41bd8a0811165d589512
+msgid ""
+"Fixed a bug on the contacts field in the admin client form following the "
+"LDAP schema update of 0.0.12"
+msgstr ""
+
+#: ../../CHANGES.rst:570 681e8dd9afdb4f2e958b78bbfc4ed595
+msgid ""
+"Fixed a bug happening during RP initiated logout on clients without "
+"`post_logout_redirect_uri` defined."
+msgstr ""
+
+#: ../../CHANGES.rst:572 e448157c32c243aeae3c13ccbbec1cd1
+msgid "Gitlab CI fix. :pr:`64`"
+msgstr ""
+
+#: ../../CHANGES.rst:573 b7167e49350f44bf93df250bbf94b7bc
+msgid "Fixed `client_secret` display on the client administration page. :pr:`65`"
+msgstr ""
+
+#: ../../CHANGES.rst:574 eb962d6e5bf645b7ab7fd89c05b29d04
+msgid "Fixed non-square logo CSS. :pr:`67`"
+msgstr ""
+
+#: ../../CHANGES.rst:575 5d6456ea544442f09281af419d6bd9ce
+msgid "Fixed schema path on installation. :pr:`68`"
+msgstr ""
+
+#: ../../CHANGES.rst:576 2071fc0debdb4b2ab2eacb7ada57a027
+msgid "Fixed RFC7591 ``software_statement`` claim support. :pr:`70`"
+msgstr ""
+
+#: ../../CHANGES.rst:577 c63eef91b1b6400facb7ab15a2f7e33f
+msgid "Fixed client preconsent disabling. :pr:`72`"
+msgstr ""
+
+#: ../../CHANGES.rst:582 cfd3fd338517432c9b2e55d6da22d651
+msgid "Python 3.11 support. :pr:`61`"
+msgstr ""
+
+#: ../../CHANGES.rst:583 544c46511d2c4bf2b567fca0f666022e
+msgid "apparmor slapd configuration instructions in CONTRIBUTING.rst :pr:`66`"
+msgstr ""
+
+#: ../../CHANGES.rst:584 6c51bb0dce3d4d35af9247f9bac46f2c
+msgid "``preferredLanguage`` attribute support. :pr:`75`"
+msgstr ""
+
+#: ../../CHANGES.rst:589 9e52448d99194eb4ae9411a0c87e7b26
+msgid ""
+"Replaced the use of the deprecated `FLASK_ENV` environment variable by "
+"`FLASK_DEBUG`."
+msgstr ""
+
+#: ../../CHANGES.rst:591 92aa84a20bce44098992a9bb2c03c6fa
+msgid ""
+"Dynamically generate the server metadata. Users won't have to copy and "
+"manually edit ``oauth-authorizationserver.json`` and ``openid-"
+"configuration.json``. :pr:`71`"
+msgstr ""
+
+#: ../../CHANGES.rst:594 8d805e80f7ab481e9d54828c09fe704d
+msgid "The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`"
+msgstr ""
+
+#: ../../CHANGES.rst:595 512672f6749541e28c776052005debaa
+msgid "The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`"
+msgstr ""
+
+#: ../../CHANGES.rst:598 719465d8df524d6aa66f1458157f57d5
+msgid "[0.0.12] - 2022-10-24"
+msgstr ""
+
+#: ../../CHANGES.rst:603 4118a5125b4841a190cd4f857244dc22
+msgid "Basic WebFinger endpoint. :pr:`59`"
+msgstr ""
+
+#: ../../CHANGES.rst:604 801ca69eff1f4540b54ca42b2dfaf866
+msgid "Bumped to FomanticUI 2.9.0 00ffffee"
+msgstr ""
+
+#: ../../CHANGES.rst:605 00f2d1f75caa439aa8283e1a05d463aa
+msgid "Implemented Dynamic Client Registration :pr:`60`"
+msgstr ""
+
+#: ../../CHANGES.rst:608 f3edd3260cce435abc5a1930ff239e5a
+msgid "[0.0.11] - 2022-08-11"
+msgstr ""
+
+#: ../../CHANGES.rst:613 0d143febef754055a90791ec48a2574a
+msgid "Default theme has a dark variant. :pr:`57`"
+msgstr ""
+
+#: ../../CHANGES.rst:618 ac8fb78dd6754ffc829ab6f01315d2ba
+msgid "Fixed missing ``canaille`` binary. :pr:`58`"
+msgstr ""
+
+#: ../../CHANGES.rst:621 0533665fb4e945468fa03d4417985c07
+msgid "[0.0.10] - 2022-07-07"
+msgstr ""
+
+#: ../../CHANGES.rst:626 8b5fd21d60c64ca68f79696fad57bfc8
+msgid "Online demo. :pr:`55`"
+msgstr ""
+
+#: ../../CHANGES.rst:627 e36f295ed93e419fad2426e5e7856ea1
+msgid "The consent page was displaying scopes not supported by clients. :pr:`56`"
+msgstr ""
+
+#: ../../CHANGES.rst:628 72180e56a3034bf587e5d5278f41a28d
+msgid "Fixed end session when user are already disconnected."
+msgstr ""
+
+#: ../../CHANGES.rst:631 09398279ac44400da7f778c5d27cd8bf
+msgid "[0.0.9] - 2022-06-05"
+msgstr ""
+
+#: ../../CHANGES.rst:636 f4a57111a02546628456bbcbb9b10751
+msgid ""
+"``DISABLE_PASSWORD_RESET`` configuration option to disable password "
+"recovery. :pr:`46`"
+msgstr ""
+
+#: ../../CHANGES.rst:637 371609f8181e47fbb90792b94f91d4fe
+msgid "``edit_self`` ACL permission to control user self edition. :pr:`47`"
+msgstr ""
+
+#: ../../CHANGES.rst:638 cc9a1f22935b4af3b84edfc356b8951d
+msgid "Implemented RP-initiated logout :pr:`54`"
+msgstr ""
+
+#: ../../CHANGES.rst:643 87b28a41b81749a0811c045563f968bf
+msgid "Bumped to authlib 1 :pr:`48`"
+msgstr ""
+
+#: ../../CHANGES.rst:644 0c004930bd594c7cb50f01eed19476e6
+msgid "documentation improvements :pr:`50`"
+msgstr ""
+
+#: ../../CHANGES.rst:645 a7f6b2f166014b26b869d643a594b2cd
+msgid "use poetry instead of setuptools :pr:`51`"
+msgstr ""
+
+#: ../../CHANGES.rst:646 f64d736b7cd54dd49df64fef30d37a1c
+msgid "additional nonce tests :pr:`52`"
+msgstr ""
+
+#: ../../CHANGES.rst:650 d2bbdbfb81db485f8faa4204b0f1c746
+msgid "``HIDE_INVALID_LOGIN`` behavior and default value."
+msgstr ""
+
+#: ../../CHANGES.rst:651 cc47b7e41f7f4319ae1bf87e29fd58bd
+msgid "mo files are not versioned anymore :pr:`49` :pr:`53`"
+msgstr ""
+
+#: ../../CHANGES.rst:654 2eb795d5552d45f68359efb37ecdd3ee
+msgid "[0.0.8] - 2022-03-15"
+msgstr ""
+
+#: ../../CHANGES.rst:659 b178f8851ee34dbc9274c1e6db2d100f
+msgid "Fixed dependencies"
+msgstr ""
+
+#: ../../CHANGES.rst:662 6c8555c1480a47cb9f2b6f96498d2a84
+msgid "[0.0.7] - 2022-03-15"
+msgstr ""
+
+#: ../../CHANGES.rst:667 f0a2de638e994ff49c903d11d4b9112d
+msgid "Fixed spaces and escaped special char in ldap cn/dn :pr:`43`"
+msgstr ""
+
+#: ../../CHANGES.rst:670 65dea365c33d4b0bb1c6fac9db148a39
+msgid "[0.0.6] - 2022-03-08"
+msgstr ""
+
+#: ../../CHANGES.rst:675 88ac5497c1f2451ba95029292b3bea24
+msgid "Access token are JWT. :pr:`38`"
+msgstr ""
+
+#: ../../CHANGES.rst:680 503af07edfd3447185935dc6e6f0e510
+msgid "Default groups on invitations :pr:`41`"
+msgstr ""
+
+#: ../../CHANGES.rst:681 edd5b58b1dbb41dbb2c315fb1b2f2370
+msgid "Schemas are shipped within the canaille package :pr:`42`"
+msgstr ""
+
+#: ../../CHANGES.rst:684 83039d3d01dc42ffbdd81d08d677fc46
+msgid "[0.0.5] - 2022-02-17"
+msgstr ""
+
+#: ../../CHANGES.rst:689 4bc8cbfc22044525ac90dbca6bc2f9fc
+msgid "LDAP model objects have new identifiers :pr:`37`"
+msgstr ""
+
+#: ../../CHANGES.rst:694 46c43eba4bf34f96ac708b90493926d4
+msgid "Admin menu dropdown display :pr:`39`"
+msgstr ""
+
+#: ../../CHANGES.rst:695 19df29bb500d46029a53bf88a3b49be8
+msgid "`GROUP_ID_ATTRIBUTE` configuration typo :pr:`40`"
+msgstr ""
+
+#: ../../CHANGES.rst:698 4c9b4d6a4016491a966aeabc0bcc1097
+msgid "[0.0.4] - 2022-02-16"
+msgstr ""
+
+#: ../../CHANGES.rst:703 0bf19b3c295442caa42a71e7cedf78ab
+msgid "Client preauthorization :pr:`11`"
+msgstr ""
+
+#: ../../CHANGES.rst:704 6e96f08567764f97b7df3b6ac165ff5f
+msgid "LDAP permissions check with the check command :pr:`12`"
+msgstr ""
+
+#: ../../CHANGES.rst:705 f35445dc59084cd28fc850ac88ce5faf
+msgid ""
+"Update consents when a scope required is larger than the scope of an "
+"already given consent :pr:`13`"
+msgstr ""
+
+#: ../../CHANGES.rst:707 4f77fff113244c84910357f609823bf6
+msgid "Theme customization :pr:`15`"
+msgstr ""
+
+#: ../../CHANGES.rst:708 a17e63a679c742c48be42b3eb0c619bc
+msgid "Logging configuration :pr:`16`"
+msgstr ""
+
+#: ../../CHANGES.rst:709 9cde02d9ce3544779a2ec03427b3ad91
+msgid "Installation command :pr:`17`"
+msgstr ""
+
+#: ../../CHANGES.rst:710 d19d4b7176484d6e918acfc93bf0e2d3
+msgid "Invitation links :pr:`18`"
+msgstr ""
+
+#: ../../CHANGES.rst:711 f2e504d792e54511a40a9c5cfab43d06
+msgid "Advanced permissions :pr:`20`"
+msgstr ""
+
+#: ../../CHANGES.rst:712 f666c2446c044ee7a75246fd26b8533d
+msgid "An option to not use OIDC :pr:`23`"
+msgstr ""
+
+#: ../../CHANGES.rst:713 770117e57e384012943bf1b963ee57ed
+msgid "Disable some features when no SMTP server is configured :pr:`24`"
+msgstr ""
+
+#: ../../CHANGES.rst:714 450b7e3fb1a345a888fc22a71363b85f
+msgid ""
+"Login placeholder dynamically generated according to the configuration "
+":pr:`25`"
+msgstr ""
+
+#: ../../CHANGES.rst:715 c0a5164fc3f841099c3f38e28ccb59ba
+msgid "Added an option to tune object IDs :pr:`26`"
+msgstr ""
+
+#: ../../CHANGES.rst:716 50cbfe5b66ed41db8e48e7a93b611416
+msgid "Avatar support :pr:`27`"
+msgstr ""
+
+#: ../../CHANGES.rst:717 e32c480c5b99469699d6c3e28116c1b7
+msgid "Dynamical and configurable JWT claims :pr:`28`"
+msgstr ""
+
+#: ../../CHANGES.rst:718 63a7f081e0994aa9a4fb9aa38981d755
+msgid "UI improvements :pr:`29`"
+msgstr ""
+
+#: ../../CHANGES.rst:719 7c2ab828372c4997a726eec9c0713579
+msgid "Invitation links expiration :pr:`30`"
+msgstr ""
+
+#: ../../CHANGES.rst:720 38a72e0f5beb4718a059df0e7e308578
+msgid "Invitees can choose their IDs :pr:`31`"
+msgstr ""
+
+#: ../../CHANGES.rst:721 ddbe74ed313649308b6ab98456198355
+msgid "LDAP backend refactoring :pr:`35`"
+msgstr ""
+
+#: ../../CHANGES.rst:726 6e485e4e3b3741a9b269329a19237e29
+msgid "Fixed ghost members in a group :pr:`14`"
+msgstr ""
+
+#: ../../CHANGES.rst:727 8ef055e72f514424901798fa202cef04
+msgid "Fixed email sender names :pr:`19`"
+msgstr ""
+
+#: ../../CHANGES.rst:728 f0a07fe57b57478bb0678b48be12f462
+msgid "Fixed filter being not escaped :pr:`21`"
+msgstr ""
+
+#: ../../CHANGES.rst:729 140a09fe8d424d41a39c335de5605516
+msgid "Demo script good practices :pr:`32`"
+msgstr ""
+
+#: ../../CHANGES.rst:730 ecce3a2165a04c65acf4559f9fb7903c
+msgid "Binary path for Debian :pr:`33`"
+msgstr ""
+
+#: ../../CHANGES.rst:731 507756a0b9c54e27a73bca468b2d6374
+msgid ""
+"Last name was not mandatory in the forms while this was mandatory in the "
+"LDAP server :pr:`34`"
+msgstr ""
+
+#: ../../CHANGES.rst:733 e0b1632741454dfc837ae57ee1d20540
+msgid "Spelling typos :pr:`36`"
+msgstr ""
+
+#: ../../CHANGES.rst:736 c22c5d2bb72d4f24aa52e49c8d6705b1
+msgid "[0.0.3] - 2021-10-13"
+msgstr ""
+
+#: ../../CHANGES.rst:741 2cc5d5ce32eb49e2894d1f1d88d41ae1
+msgid "Two-steps sign-in :issue:`49`"
+msgstr ""
+
+#: ../../CHANGES.rst:742 f123282d6e1841008a8fc46e59fa6b73
+msgid "Tokens can have several audiences. :issue:`62` :pr:`9`"
+msgstr ""
+
+#: ../../CHANGES.rst:743 eb744023124d4e27bb95d97031dc772d
+msgid "Configuration check command. :issue:`66` :pr:`8`"
+msgstr ""
+
+#: ../../CHANGES.rst:744 9d4efea0eaa34978a7b8e1647140158d
+msgid "Groups management. :issue:`12` :pr:`6`"
+msgstr ""
+
+#: ../../CHANGES.rst:749 93e756795d784f93a5b146d8917f5986
+msgid "Introspection access bugfix. :issue:`63` :pr:`10`"
+msgstr ""
+
+#: ../../CHANGES.rst:750 080a57bd199c409db86f03476f6ba14c
+msgid "Introspection sub claim. :issue:`64` :pr:`7`"
+msgstr ""
+
+#: ../../CHANGES.rst:753 0dc9fc1412334f54a2d88f930d399ded
+msgid "[0.0.2] - 2021-01-06"
+msgstr ""
+
+#: ../../CHANGES.rst:758 d8894f6cb5ba46069fb0fcf6d788281e
+msgid "Login page is responsive. :issue:`1`"
+msgstr ""
+
+#: ../../CHANGES.rst:759 bd8151871c7043e1ab23b9a329b97fa3
+msgid "Adapt mobile keyboards to login page fields. :issue:`2`"
+msgstr ""
+
+#: ../../CHANGES.rst:760 900a77596f7f4f74aa6f7d92063d0313
+msgid "Password recovery interface. :issue:`3`"
+msgstr ""
+
+#: ../../CHANGES.rst:761 dcb6f2dcc8b040c08054afe5aa25ac9f
+msgid "User profile interface. :issue:`4`"
+msgstr ""
+
+#: ../../CHANGES.rst:762 e19659ec5aa048fab31a47bab447c05f
+msgid "Renamed the project *canaille*. :issue:`5`"
+msgstr ""
+
+#: ../../CHANGES.rst:763 9b165231e7a1497a9b16f88cec603b64
+msgid "Command to remove old tokens. :issue:`17`"
+msgstr ""
+
+#: ../../CHANGES.rst:764 9ddaf038c2b84f2a88748b749321b2a7
+msgid "Improved password recovery email. :issue:`14` :issue:`26`"
+msgstr ""
+
+#: ../../CHANGES.rst:765 cdeb34db9b5d4f5598b2202dbd439179
+msgid ""
+"Use flask `SERVER_NAME` configuration variable instead of `URL`. "
+":issue:`24`"
+msgstr ""
+
+#: ../../CHANGES.rst:766 8ad48575924e4b0c922baf7e23c3fd83
+msgid "Improved consents page. :issue:`27`"
+msgstr ""
+
+#: ../../CHANGES.rst:767 ffd55065337140a6a90449c06717225a
+msgid "Admin user page. :issue:`8`"
+msgstr ""
+
+#: ../../CHANGES.rst:768 08806c4fa60f49ae88c1f4b7557b6c5f
+msgid "Project logo. :pr:`29`"
+msgstr ""
+
+#: ../../CHANGES.rst:769 5fe1184956d14f33a531bfc78f6aa844
+msgid ""
+"User account self-deletion can be enabled in the configuration with "
+"`SELF_DELETION`. :issue:`35`"
+msgstr ""
+
+#: ../../CHANGES.rst:770 069ec9317ed340e9ba74cd3b99df96b0
+msgid "Admins can impersonate users. :issue:`39`"
+msgstr ""
+
+#: ../../CHANGES.rst:771 bd69e0ad71714b9ebc9ee753e798285f
+msgid "Forgotten page UX improvement. :pr:`43`"
+msgstr ""
+
+#: ../../CHANGES.rst:772 f745abf4158843ce8f5a338c061326d4
+msgid "Admins can remove clients. :pr:`45`"
+msgstr ""
+
+#: ../../CHANGES.rst:773 401588524d4f476d86f5da15088d03cd
+msgid ""
+"Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know "
+"if the login he attempt to sign in with exists or not. :pr:`48`"
+msgstr ""
+
+#: ../../CHANGES.rst:775 60d6a76f041442888c5582b4a9ae8bef
+msgid "Password initialization mail. :pr:`51`"
+msgstr ""
+
+#: ../../CHANGES.rst:780 6aa2b2cbfc18468bb3218a76287422c1
+msgid "Form translations. :issue:`19` :issue:`23`"
+msgstr ""
+
+#: ../../CHANGES.rst:781 34c7961d2a25459487fbe7f20081279f
+msgid "Avoid to use Google Fonts. :issue:`21`"
+msgstr ""
+
+#: ../../CHANGES.rst:786 aab08055fb7e413c90b6052a96377e3a
+msgid "'My tokens' page. :issue:`22`"
+msgstr ""
+
+#: ../../CHANGES.rst:789 3fda3f8a84304a3798f8e6ce4f7c85d2
+msgid "[0.0.1] - 2020-10-21"
+msgstr ""
+
+#: ../../CHANGES.rst:794 f0395a6cd6704b9a8a7932926ae63489
+msgid "Initial release."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/development/contributing.po b/doc/locales/fr_FR/LC_MESSAGES/development/contributing.po
new file mode 100644
index 00000000..eefbc656
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/development/contributing.po
@@ -0,0 +1,406 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../CONTRIBUTING.rst:2 7c1ab3305147436fb9421dffeac09375
+msgid "Contributions"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:4 a73a38a924914b208c350201b99ade0c
+msgid "Contributions are welcome!"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:6 bb5639fbdf6c49bfa96bf0a26b42ee2a
+msgid ""
+"The repository is hosted at `gitlab.com/yaal/canaille "
+"<https://gitlab.com/yaal/canaille>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:9 e35b3518080c4b3ea444a26c2b7d821f
+msgid "Discuss"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:11 ddfd8d963ac7421baad588afafd95029
+msgid ""
+"If you want to implement a feature or a bugfix, please start by "
+"discussing it with us on the `bugtracker "
+"<https://gitlab.com/yaal/canaille/-/issues>`_ or the `matrix room "
+"<https://matrix.to/#/#canaille-discuss:yaal.coop>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:16 f13a93bafe4542cbbdfb561e66869288
+msgid "Development environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:18 146597b6b8d04f248ea98191137a6bcb
+msgid "You can either run the demo locally or with Docker."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:20 9b1b9c06d6f640d3baab2194d63c2ca6
+msgid ""
+"The only tool required for local development is `uv`. Make sure to have "
+"uv `installed on your computer <https://docs.astral.sh/uv/getting-"
+"started/installation/>`_ to be able to hack Canaille."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:24 6b736387b592498d83c96dfef8a38832
+msgid ""
+"Initialize your development environment with: - ``uv sync --extra front "
+"--extra oidc`` to have a minimal working development environment. This "
+"will allow you to run the tests with ``uv pytest --backend memory``. - "
+"``uv sync --extra front --extra oidc --extra sqlite`` to have a minimal "
+"working development environment with SQLite backend support. This will "
+"allow you to run the tests with ``uv pytest --backend sql``. - ``uv sync "
+"--extra front --extra oidc --extra ldap`` to have a minimal working "
+"development environment with LDAP backend support. This will allow you to"
+" run the tests with ``uv pytest --backend ldap``. - ``uv sync --all-"
+"extras`` if you want to have everything at your fingertips. Note that it "
+"may compile some Python dependencies that would expect things to be "
+"installed on your system; Some dependencies of Canaille might need to be "
+"compiled, so you probably want to check that `GCC` and `cargo` are "
+"available on your computer."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:31 3ab70f5ffe36465a9be5ef3edfe0cb57
+msgid "After having launched the demo you have access to several services:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:33 eab681954d7a4656bbaec53d33c0ecd0
+msgid "A canaille server at `localhost:5000 <http://localhost:5000>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:34 f2dfbb5dbad74f6792f869598373fe7c
+msgid "A dummy client at `localhost:5001 <http://localhost:5001>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:35 c26dbc13ffea4e578d5cbed572cf01f4
+msgid "Another dummy client at `localhost:5002 <http://localhost:5002>`_"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:37 643fc1a38e8c482faf9bb03f95b2a62c
+msgid "The canaille server has some default users:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:39 9eb743b3da3f4eb0903ae5ef0a992566
+msgid "A regular user which login and password are **user**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:40 c4143060eb304659ae704ec6cba281de
+msgid "A moderator user which login and password are **moderator**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:41 411281aded7e464f87f1f8950e6c890c
+msgid "An admin user which admin and password are **admin**;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:42 fe28d3c09b174c6fb5c9661c3bc6ca67
+msgid ""
+"A new user which login is **james**. This user has no password yet, and "
+"his first attempt to log-in would result in sending a password "
+"initialization email (if a smtp server is configured)."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:47 b9f8753db1754411a6ddd40bee7fbffb
+msgid "Backends"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:49 881e10750d914144be34fb6f03ef7a9f
+msgid "Canaille comes with several backends:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:51 285507e6da6b4af1a7b874ce68117d2e
+msgid "a lightweight test purpose `memory` backend"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:52 240e509e162041698e7f88044e704d04
+msgid "a `sql` backend, based on sqlalchemy"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:53 3d2495a25cec49e3b62f2c5514b380a6
+msgid "a production-ready `LDAP` backend"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:56 1637387b09f845958e4268668f7ce5a8
+msgid "Docker environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:58 5ce6e05911244aca97cc1405dc319d54
+msgid ""
+"If you want to develop with docker, your browser needs to be able to "
+"reach the `canaille` container. The docker-compose file exposes the right"
+" ports, but front requests are from outside the docker network: the "
+"`canaille` url that makes sense for docker, points nowhere from your "
+"browser. As exposed ports are on `localhost`, you need to tell your "
+"computer that `canaille` url means `localhost`."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:63 23ce3f6f5ea44fe6ba4029203add5a27
+msgid "To do that, you can add the following line to your `/etc/hosts`:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:69 9cd73a71e5fa41a3a2f4f80c0408c4ba
+msgid "To launch containers, use:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:84 8cb412e1ce584a78b6a16c189480ab98
+msgid "Local environment"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:98 901a414c94e5400391f9dfe67b452e6f
+msgid ""
+"If you want to run the demo locally with the LDAP backend, you need to "
+"have `OpenLDAP <https://www.openldap.org/>`_ installed on your system. It"
+" is generally shipped under the ``slapd`` or ``openldap`` package name."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:103 0c71c9d15abd4e128ecf38e66dccd052
+msgid ""
+"On Debian or Ubuntu systems, the OpenLDAP `slapd` binary usage might be "
+"restricted by apparmor, and thus makes the tests and the demo fail. This "
+"can be mitigated by removing apparmor restrictions on `slapd`."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:113 d78b3b0b3f3e49f1b2991c7f953bfd51
+msgid "Populate the database"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:115 937755ec4cd44d28a300cfb31f4bdab0
+msgid ""
+"The demo database comes populated with some random users and groups. If "
+"you need more, you can generate users and groups with the ``populate`` "
+"command:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:126 e6478d79102a420cb29373814615483c
+msgid ""
+"Adapt to use either the `ldap` or the `sql` configuration file. Note that"
+" this will not work with the memory backend."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:129 8388b3135a7744cc9395de2be0754b97
+msgid "Unit tests"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:131 c0beac52adbd4f8cab1b1b2b3a685b5b
+msgid ""
+"To run the tests, you just can run `uv run pytest` and/or `uv run tox` to"
+" test all the supported python environments. Everything must be green "
+"before patches get merged."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:134 087b9f6006f3453baffe1c6eb074925a
+msgid ""
+"To test a specific backend you can pass ``--backend memory``, ``--backend"
+" sql`` or ``--backend ldap`` to pytest and tox."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:136 fb19a1dd39b94166861307d05981764c
+msgid ""
+"The test coverage is 100%, patches won't be accepted if not entirely "
+"covered. You can check the test coverage with ``uv run pytest --cov "
+"--cov-report=html`` or ``uv run tox -e coverage -- --cov-report=html``. "
+"You can check the HTML coverage report in the newly created `htmlcov` "
+"directory."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:141 c529a55523124f2e89397fbc60ac0f7b
+msgid "Code style"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:143 925f6ac68525496584f01467bea4ad2d
+msgid ""
+"We use `ruff <https://docs.astral.sh/ruff/>`_ along with other tools to "
+"format our code. Please run ``uv run tox -e style`` on your patches "
+"before submitting them. In order to perform a style check and correction "
+"at each commit you can use our `pre-commit <https://pre-commit.com/>`_ "
+"configuration with ``uv run pre-commit install``."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:149 db166a2976184377ab59ce537418ecbf
+msgid "Front"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:151 d25881c0189747eeabc777c2929c7008
+msgid ""
+"The interface is built upon the `Fomantic UI <https://fomantic-ui.com/>`_"
+" CSS framework. The dynamical parts of the interface use `htmx "
+"<https://htmx.org/>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:154 86502939ce9d443c86df95720e667a91
+msgid ""
+"Using Javascript in the interface is tolerated, but the whole website "
+"MUST be accessible for browsers without Javascript support, and without "
+"any feature loss."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:156 1c42dcc54b6743a0821f42046438066b
+msgid ""
+"Because of Fomantic UI we have a dependency to jQuery, however new "
+"contributions should not depend on jQuery at all. See the `related issue "
+"<https://gitlab.com/yaal/canaille/-/issues/130>`_."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:161 52abf5adbe644c6b82b87f4e5d2c5ebb
+msgid "Translations"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:1 b1a8c4be2efd43c1a4e2282711ffbb63
+msgid ""
+"Translations are done with `Weblate "
+"<https://hosted.weblate.org/projects/canaille/canaille>`_."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:3 1d4332b3eebd48fc98d28507c9be30a5
+msgid ""
+"The following commands are there as documentation, only the message "
+"extraction is needed for contributors. All the other steps are "
+"automatically done with Weblate."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:8 111a6826ce7d4666aebf19ee04e5750c
+msgid "Message extraction"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:10 2bf701d1dcb441938142ee5e9b03bd31
+msgid ""
+"After you have edited translatable strings, you should extract the "
+"messages with:"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:17 424082dd69bc448bb50126f5e590f70c
+msgid "Language addition"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:19 5be588cfe676499f8294cc593075c1ad
+msgid ""
+"You can add a new language manually with the following command, however "
+"this should not be needed as Weblate takes car of this:"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:26 7db4259cd8504c73afa7b99db81efd41
+msgid "Catalog update"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:28 71bb011a076146f5baf4e3279f6c4b7e
+msgid ""
+"You can update the catalogs with the following command, however this "
+"should not be needed as Weblate automatically update language catalogs "
+"when it detects new strings or when someone translate some existing "
+"strings. Weblate pushes happen every 24h."
+msgstr ""
+
+#: ../../canaille/translations/README.rst:36 a296f2a2cbf649299d5fec0f520614d3
+msgid "Catalog compilation"
+msgstr ""
+
+#: ../../canaille/translations/README.rst:38 c13b3771cd5b45b4884744fad24b900f
+msgid ""
+"You can compile the catalogs with the following command, however this "
+"should not be needed as catalogs are automatically compiled before "
+"running the unit tests, before launching the demo and before compiling "
+"the Canaille python package:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:166 39b97e4fee6749c79486c19e617657ef
+msgid "Documentation"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:168 0d41272738f94ced892295701150d998
+msgid "The documentation is generated when the tests run:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:174 3e7a8bb825c64e9291ef2d77b3932f98
+msgid ""
+"You can also run sphinx by hand, that should be faster since it avoids "
+"the tox environment initialization:"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:180 1ea17b9131f04d71b48b7c3c61f50983
+msgid "The generated documentation is located at ``build/sphinx/html``."
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:183 79f5374feb714359a960e5cae638c231
+msgid "Publish a new release"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:185 2be83e33a90a4c7aac1dc519fe172e51
+msgid ""
+"Check that dependencies are up to date with ``uv sync --all-extras "
+"--upgrade`` and update dependencies accordingly in separated commits;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:186 1abd3d600ac0411fb999b304cb13e51e
+msgid ""
+"Check that tests are still green for every supported python version, and "
+"that coverage is still at 100%, by running ``uv run tox``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:187 88370dc2d9c94d559e8abe1068bfeba6
+msgid ""
+"Check that the demo environments are still working, both the local and "
+"the Docker one;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:188 bd8ff970e1424dd38acf71ccfb62487c
+msgid ""
+"Check that the :ref:`development/changelog:Release notes` section is "
+"correctly filled up;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:189 b04308c3c9df45e0b23f2da5c5dc3ef3
+msgid "Increase the version number in ``pyproject.toml``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:190 ebaff21b4fe04971885873f4401a38e9
+msgid "Commit with ``git commit``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:191 5e75ca58d33e45d8b0035b7f1a293346
+msgid "Build with ``uv build``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:192 3cc2fb6a7cc745cea14593e07ce87228
+msgid ""
+"Publish on test PyPI with ``uv publish --publish-url "
+"https://test.pypi.org/legacy/``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:193 7090fbe6930449f78048558eb4be201b
+msgid ""
+"Install the test package somewhere with ``pip install --extra-index-url "
+"https://test.pypi.org/simple --upgrade canaille``. Check that everything "
+"looks fine;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:194 03da5714d2994f5ea82a0c7764e27d72
+msgid "Publish on production PyPI ``uv publish``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:195 8635aa0c6a154b02b4f1b5e4558433f0
+msgid "Tag the commit with ``git tag XX.YY.ZZ``;"
+msgstr ""
+
+#: ../../CONTRIBUTING.rst:196 bce1c91d899e43858a763368a8877cfc
+msgid ""
+"Push the release commit and the new tag on the repository with ``git push"
+" --tags``."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/development/index.po b/doc/locales/fr_FR/LC_MESSAGES/development/index.po
new file mode 100644
index 00000000..42c79096
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/development/index.po
@@ -0,0 +1,25 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/development/index.rst:2 15f05d4dbb7d48148dfddc6d8a44131c
+msgid "Development"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/development/specifications.po b/doc/locales/fr_FR/LC_MESSAGES/development/specifications.po
new file mode 100644
index 00000000..f3f5db5f
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/development/specifications.po
@@ -0,0 +1,491 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/development/specifications.rst:2 51c59cc44a2c41e5b41657630b0f0294
+msgid "Specifications"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:4 a7ce3c060d6843c58af29aa75bef3528
+msgid ""
+"This page details which specifications are implemented in Canaille, and "
+"compares Canaille with other well-known identity providers."
+msgstr ""
+
+#: ../../doc/development/specifications.rst:7 9693a4b998134bc08184a485a6a85b08
+msgid "State of the specs in Canaille"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:10 f8563fa341304001ba3c2c550055a0e4
+msgid "OAuth2"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:12 b901b23486424b70ab53ad600c552405
+msgid "✅ `RFC6749: OAuth 2.0 Framework <https://tools.ietf.org/html/rfc6749>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:13 93b26d88ddfb4c24a975c86fafdca3f9
+msgid ""
+"✅ `RFC6750: OAuth 2.0 Bearer Tokens "
+"<https://tools.ietf.org/html/rfc6750>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:14 8d4d4d01ff5843faa2bb7c6da2d5a43e
+msgid ""
+"✅ `RFC7009: OAuth 2.0 Token Revocation "
+"<https://tools.ietf.org/html/rfc7009>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:15 3bf9581f076d491baa8e2c23f3e1d39c
+msgid ""
+"❌ `RFC7523: JWT Profile for OAuth 2.0 Client Authentication and "
+"Authorization Grants <https://tools.ietf.org/html/rfc7523>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:16 6ae1c3b70dfa4a10805ed2d7a7acda83
+msgid ""
+"✅ `RFC7591: OAuth 2.0 Dynamic Client Registration Protocol "
+"<https://tools.ietf.org/html/rfc7591>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:17 9ccadb41365c46cb815b73b88fdc8fc3
+msgid ""
+"✅ `RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol "
+"<https://tools.ietf.org/html/rfc7592>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:18 fbbef7cd04a04efe8daa71b13569dfd6
+msgid ""
+"✅ `RFC7636: Proof Key for Code Exchange by OAuth Public Clients "
+"<https://tools.ietf.org/html/rfc7636>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:19 54a6ec4e30b94788a749bcfcd52149ab
+msgid ""
+"✅ `RFC7662: OAuth 2.0 Token Introspection "
+"<https://tools.ietf.org/html/rfc7662>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:20 9829a6dc3aca4e2589ce52b529e26208
+msgid ""
+"✅ `RFC8414: OAuth 2.0 Authorization Server Metadata "
+"<https://tools.ietf.org/html/rfc8414>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:21 c4f9b42536a94adfab90da79ef7ec77e
+msgid ""
+"❌ `RFC8428: OAuth 2.0 Device Authorization Grant "
+"<https://tools.ietf.org/html/rfc8428>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:22 b46f678389a140d28f571fa65ef508c0
+msgid ""
+"❌ `RFC8693: OAuth 2.0 Token Exchange "
+"<https://tools.ietf.org/html/rfc8693>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:23 762b143d7a3343ea96d19d65b5d20d33
+msgid ""
+"❌ `RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-"
+"Bound Access Tokens <https://tools.ietf.org/html/rfc8705>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:24 b0149247e739412db12e27f13ff03105
+msgid ""
+"❌ `RFC8707: Resource Indicators for OAuth 2.0 "
+"<https://tools.ietf.org/html/rfc8707>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:25 343ed4b6215343d9a44d5807c6d6b1a7
+msgid ""
+"❌ `RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens "
+"<https://tools.ietf.org/html/rfc9068>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:26 a6e3b2cb30c94a5f9922b7a184a36847
+msgid ""
+"❌ `RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) "
+"<https://tools.ietf.org/html/rfc9101>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:27 f971ecf0bf144571891910d1f2437c6e
+msgid ""
+"❌ `RFC9126: OAuth 2.0 Pushed Authorization Requests "
+"<https://tools.ietf.org/html/rfc9126>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:28 fc3312ad72d24fbdbc4bc3bdc41f4975
+msgid ""
+"❌ `RFC9207: OAuth 2.0 Authorization Server Issuer Identification "
+"<https://tools.ietf.org/html/rfc9207>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:29 6ea9045b875440f0b158c45cfbbb5da3
+msgid ""
+"❌ `RFC9394: OAuth 2.0 Rich Authorization Requests <https://www.rfc-"
+"editor.org/rfc/rfc9396.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:30 6e9ed12e1d5f4cee9063c63f16639809
+msgid ""
+"❌ `OAuth2 Multiple Response Types <https://openid.net/specs/oauth-v2"
+"-multiple-response-types-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:31 c179be51a4324be6b1822dc762c64017
+msgid ""
+"❌ `OAuth2 Form Post Response Mode <https://openid.net/specs/oauth-v2"
+"-form-post-response-mode-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:34 c4536360f9c34e52bc7c196ca083864c
+msgid "OpenID Connect"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:36 1bac333e62e748228f06d4cd4b3f79cd
+msgid ""
+"✅ `OpenID Connect Core <https://openid.net/specs/openid-connect-"
+"core-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:37 177f627cd2c844afab7f72adc78309fe
+msgid ""
+"✅ `OpenID Connect Discovery <https://openid.net/specs/openid-connect-"
+"discovery-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:38 46d6426d7eb845aea7af55e24b5cbfde
+msgid ""
+"✅ `OpenID Connect Dynamic Client Registration <https://openid.net/specs"
+"/openid-connect-registration-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:39 a38ba47e2d234fc588e8515e052117d5
+msgid ""
+"✅ `OpenID Connect RP Initiated Logout <https://openid.net/specs/openid-"
+"connect-rpinitiated-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:40 12b246f565674f6d8a709b119eaa077e
+msgid ""
+"❌ `OpenID Connect Session Management <https://openid.net/specs/openid-"
+"connect-session-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:41 244a1b92839c4b30b556b2d5eb88a8c4
+msgid ""
+"❌ `OpenID Connect Front Channel Logout <https://openid.net/specs/openid-"
+"connect-frontchannel-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:42 32210e35cc3644d88a7d6b8088b82665
+msgid ""
+"❌ `OpenID Connect Back Channel Logout <https://openid.net/specs/openid-"
+"connect-backchannel-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:43 9bb794d88635474291dd79ab7f85184c
+msgid ""
+"❌ `OpenID Connect Back Channel Authentication Flow "
+"<https://openid.net/specs/openid-client-initiated-backchannel-"
+"authentication-core-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:44 729d88fd26854bc8a0f1458669120be0
+msgid ""
+"❌ `OpenID Connect Core Error Code unmet_authentication_requirements "
+"<https://openid.net/specs/openid-connect-unmet-authentication-"
+"requirements-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:45 e9353600371c470f8a92e7b50c324427
+msgid ""
+"✅ `Initiating User Registration via OpenID Connect 1.0 "
+"<https://openid.net/specs/openid-connect-prompt-create-1_0.html>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:48
+#: ../../doc/development/specifications.rst:64 9786673925304d99b1e09ab9fb786761
+#: e5c086aeada14b3fbd12df6a3150ddf7
+msgid "SCIM"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:50 cdaeb22c0b254f32be04c950554ddcf2
+msgid ""
+"❌ `RFC7642: System for Cross-domain Identity Management: Definitions, "
+"Overview, Concepts, and Requirements <https://www.rfc-"
+"editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:51 1d65726f19194dcfb004e9d50c72164c
+msgid ""
+"❌ `RFC7643: System for Cross-domain Identity Management: Core Schema "
+"<https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:52 fb0be7fecb5f467f9162dd9eec3f0e1a
+msgid ""
+"❌ `RFC7644: System for Cross-domain Identity Management: Protocol "
+"<https://www.rfc-editor.org/rfc/rfc7642>`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:55 dc882e47451d47009071e021bce6d0ae
+msgid "Comparison with other providers"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:57 367a086f3b274c379d00b9d3f7451c10
+msgid "Here is a feature comparison with other OpenID Connect server software."
+msgstr ""
+
+#: ../../doc/development/specifications.rst:59 6d484ee0fa4f45e18d14992b444b5da4
+msgid ""
+"Canaille voluntarily only implements the OpenID Connect protocol to keep "
+"its codebase simple."
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62 4fdd66f3032141698f64213f7f9184ae
+msgid "Software"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62 5e6caeffa6a44dfebe3eaba4d692f509
+msgid "Project"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62 5fb63fe0df34482fb1cf4148afb11b4e
+msgid "Protocols implementations"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:62 b542f41780b54cddbcaa336caef7399b
+msgid "Backends"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 355f58ee2ecb43ea94091562af7d74cd
+msgid "FLOSS"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 86dc1e42e8ee4cbcacd8d8cb43b6a08a
+msgid "Language"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 a1da5f980cb349e6b6d4ce525b8931cd
+msgid "LOC"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 6860a212b6b040d889bc0e351071b7d4
+msgid "OIDC"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 ef9c2076ea46467aad1d9ca648f7f111
+msgid "SAML"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 01c4b6fc96cf430f8932876fca8122fc
+msgid "CAS"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 ab7b125e263945e38b55ab23a5c48b03
+msgid "LDAP"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:64 eed21c65e10546848ea44ae9c158b17c
+msgid "SQL"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66 4646c46739f74295bb793fa497beac7f
+msgid "Canaille"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+#: ../../doc/development/specifications.rst:68
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:72
+#: ../../doc/development/specifications.rst:74
+#: ../../doc/development/specifications.rst:76
+#: ../../doc/development/specifications.rst:78
+#: ../../doc/development/specifications.rst:80
+#: ../../doc/development/specifications.rst:82
+#: ../../doc/development/specifications.rst:84
+#: ../../doc/development/specifications.rst:86
+#: ../../doc/development/specifications.rst:88 00293b6e57934791a96bb65ea530e7e3
+#: 01dbc5d8500441ae826f7bb6c44184ee 0e45c0b5fb8a455b825489ef91815aab
+#: 1883b31912d845d780648dad9f2c7d5f 1b5972edea444b8f96e3c0e500ec6ed3
+#: 2357097a3ffd43a5857e088ea7621fd7 24962f9ba6f94d71a57951f93da5c6ab
+#: 26a2bac48d6241d7b32da47d9cb0fd03 278244ffdee941dc805168676ef552c8
+#: 2e5c12b7d21547b8804d029415b457c8 2f277618e8ec414aa45d8106e488681a
+#: 2fdeb6b4b44349ddb453bc46b19c83a6 36975ba3452146d1bc37fe93b1d60a06
+#: 3c6cbfc7fc814259b1a9e713d9a28fa2 440ad3e13b164b1283d4dddd77b8a83f
+#: 4717b3efb8374abe81b40288d6723d91 4b4d576e661e470e925471981828e3f4
+#: 4de9003654ed4009a37269e47f9fc650 5157da20dfe7472d924b475d0bc6ef00
+#: 58462071871e4a508c73293cb88ddba0 5e8e224f803942c2b777233d3460002f
+#: 6481d1cbfbda4977a528e311cdb6e45a 64b1ba5f02d949e18e5e50ba43a565cf
+#: 680ea8f447ca46bbb03083506be230d3 6a2575788fbc4d8bb4401d564c8b29de
+#: 6def3fc95d7749e68dee237357a6520d 6e247f54da384c19af348447c679a0a4
+#: 76a44c050d7f452088ec710c29f9468a 77dd41e02a5d4991ad02046266c3da94
+#: 7cabbe22b77e416aaa0ebaa6515d6826 7f43f9c1d41b4b47840621d27460386b
+#: 80f4793cb22b4d498847a665504c28d4 87f39b103616430298baa9af6b1271bf
+#: 8c1ee96d1d4d4f7881ecf966281e95df 8e6cbb670d1848cca11a08071f5506ad
+#: 979bc49081c3450b810383be914dfa0f 98a3414fac4845c7855b49beaf1269b3
+#: a03168cd752049cbb5a68f0773c27829 a66547d346ad4979bc23767ec423f3ca
+#: aa29a491f5f1472587243f1b902dfef1 abfe8861b9734fe7a0168ce8bcbe0747
+#: ac5d1add8dd2470298644d9d0fc90b71 b095dbb17ffb4397839efb52dbb87144
+#: b429c62a736943a4966d5ae9be588be0 b8ba6e7a47584a4e81a3f4329bbfad6d
+#: b8d6c565a4334f2ea9a6bae0529571ea be6cb24ed08c40c485299d3ca1055164
+#: c51b21470fab4ab085f54916088046d1 c9e8569829e94b5781080d8ccb76dfaa
+#: ce8c0c10adea474692578f0a43b0ce44 ce9ff7f88334402bbdf2209311c57ac0
+#: d3c8bf29f67348bda1b295eee5389554 d72946d0f55e40cc9114dd63fb5562ff
+#: d8009cabba824e8a95aafa929a92f89f de9e4a16c0eb40139020df82932fc8e0
+#: e0047cbe13924a94aed567b6df998bcd e67ac152809e4b41904a0ace000bd468
+#: e7fb6b76aba4412d90acee023ea0dcad ee37067b5b034fe88895e5d4172fd357
+#: f4424c75ebf5412db2f9821ff0865a36 f5d1cd95ba594da083656eeb12708d54
+#: f681b918be214fd7ae82f55767672a84 f937b44ef8484c7d8b5343d6097e1827
+msgid "✅"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+#: ../../doc/development/specifications.rst:72
+#: ../../doc/development/specifications.rst:74 3ccef219dd8c477b83d63ac89a4628e8
+#: 53af1c5800bf4065ae54d6d3fed76f74 e675a5e8ceb145cd95b802b537a7e503
+msgid "Python"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66 55d8af1bbebd4ef9b87c918cbe6c63c0
+msgid "10k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:66
+#: ../../doc/development/specifications.rst:68
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:72
+#: ../../doc/development/specifications.rst:74
+#: ../../doc/development/specifications.rst:76
+#: ../../doc/development/specifications.rst:78
+#: ../../doc/development/specifications.rst:82
+#: ../../doc/development/specifications.rst:86
+#: ../../doc/development/specifications.rst:88 0ca4ec4e0e36486597b620c01710ede2
+#: 0d8be7ed0dd04e7aacdab8c88bbde44f 10d4091b215047ec8ac2fe800c138bc2
+#: 23374fd3c7854a519ec633a63306212f 271a7490fdb548d2bed49a96984704ba
+#: 28b95cc1d4b54403beb65719a6a0a44d 2d146d48e0b54a28ad1950749bd515b7
+#: 45a986934d4d492b9dfa18a4127d6ef9 4d851a9f3cbd43beb53c65b8ff05baee
+#: 50f6ec62752848868fcb308ab63cc924 7af084bb69fa4edcaa102e20f361e23b
+#: 833072d393d04be79950691b5f124d3f 8638185efb444679ab524a599085007e
+#: 9deb93b33a6c4bf68fec09cfc0703a79 b1bd472561e14226bc0d15889e2ee0cf
+#: b4668a65b4af46e198f3765ef1c43102 b5e6ca29e6334015bf61656c832464c2
+#: c0dece63fd6f49039a7a522f81d417c0 ec8938b15b76427eaf45b604c4e966ee
+msgid "❌"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:68 174c40b07c47456cbfcecc5f1aaa7aa3
+msgid "`Auth0`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:68
+#: ../../doc/development/specifications.rst:78
+#: ../../doc/development/specifications.rst:80
+#: ../../doc/development/specifications.rst:88 10089c17dd034fdabaf398ab5d8b0dd4
+#: 15817ce6f87540a19809b41de19081e4 3cc58548a2c3408384b260f3ebc1f4b2
+#: 490c945f86a449019cb6426b6d6ef8ac 59a7c804697644d7aa483f4964bde66b
+#: 7a560e268e94470387a5a260c87d709e 92e1fd71f69d44819434698949a46567
+#: 9fa9ffd2119844f085e9fa700f58be6c c15a675d112448f496bf71ad7d1cfcb5
+msgid "❔"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:70 697388cfa36a4b208c5a2099201b5452
+msgid "`Authelia`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:82 3cbf4ade038d48d8bf888c2aa06bce50
+#: 4b4504f562e44862900606dbb8915b0c
+msgid "Go"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:70
+#: ../../doc/development/specifications.rst:82 19b7f1f58631476c9cbbd616ab8ac70b
+#: d493f60bd51c493b852256574a34b5f2
+msgid "50k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:72 b836b3e6fd19456f956d1b547f0de413
+msgid "`Authentic2`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:72 f37a11dc4f5a40f78f60d69c27a0dc4d
+msgid "65k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:74 8a058ec3fd37473fb49a681ff210a6a2
+msgid "`Authentik`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:74 2bcb15a8634f49a9bd61534d212878b0
+msgid "55k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:76 2210617edefe419f9cb47dc6b57920b6
+msgid "`CAS`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:76
+#: ../../doc/development/specifications.rst:80
+#: ../../doc/development/specifications.rst:84 4230943e8b00424ca185ec2dfc44a471
+#: 71af08dffe3e4b06ab43a5a7babb784b 9e72b5d3fb9640e2b5369ec4fa8d0a78
+msgid "Java"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:76 ff56d27fde11433b982d1a133c733e85
+msgid "360k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:78 46b4a92a2c564ee6a3a1fc2487b23d1f
+msgid "`Connect2id`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:80 b1faedc73a864d72b858c85a712322f0
+msgid "`Gluu`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:82 7f52b801d5dd4d4f8d9d62c18b595d47
+msgid "`Hydra`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:84 349f9919048b4d9da7a72a321c10f9f7
+msgid "`Keycloak`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:84 6aae961ac7d14623b453e34e0a3ec1f1
+msgid "600k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:86 2d37d2699f7a4b63bc98b3ff41b0642e
+msgid "`LemonLDAP`_"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:86 eb1b85f500ff47a3b20ec299df109168
+msgid "Perl"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:86 59be9d49572942058056ceb2588ce133
+msgid "130k"
+msgstr ""
+
+#: ../../doc/development/specifications.rst:88 5350f918d9c54b7f87b2134183072fd7
+msgid "`Okta`_"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/features.po b/doc/locales/fr_FR/LC_MESSAGES/features.po
new file mode 100644
index 00000000..b9f9c667
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/features.po
@@ -0,0 +1,664 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/features.rst:9 4fb1af73d4c74a84b97fb07d0872616c
+msgid "Features"
+msgstr ""
+
+#: ../../doc/features.rst:11 f533903320bb40bcb2e70ec742e83995
+msgid ""
+"Here are the different features that Canaille provides. You can enable "
+"any of those features with the :doc:`configuration "
+"<references/configuration>` to fit any :doc:`use cases <usecases>` you "
+"may meet. Check our  :ref:`roadmap <features:Roadmap>` to see what is "
+"coming next."
+msgstr ""
+
+#: ../../doc/features.rst:15 01c0632f78e54464941ef63a9602dc60
+msgid ""
+"Users can interact with Canaille through its :ref:`web interface "
+"<features:Web interface>` and administrators can also use its "
+":ref:`command line interface <features:Command line interface>`. Canaille"
+" can handle data stored in different :ref:`database backends "
+"<features:Backends>`."
+msgstr ""
+
+#: ../../doc/features.rst:19 64941cdc6da64c95b29a81989ccb229f
+msgid "Web interface"
+msgstr ""
+
+#: ../../doc/features.rst:21 29bcaee093ff460a9cc3810663a729ba
+msgid ""
+"Canaille web interface can be used either in :doc:`production "
+"environments <tutorial/deployment>` or locally for development purposes."
+msgstr ""
+
+#: ../../doc/features.rst:26 294fd4be22454d63bf11372353b61b6b
+msgid "Profile management"
+msgstr ""
+
+#: ../../doc/features.rst:28 ../../doc/features.rst:217
+#: 25fc422a39a14e1792ec6cd7fe264186 45e94f3a06424a1f9e6d70aa2caae471
+msgid "Profile"
+msgstr ""
+
+#: ../../doc/features.rst:33 0f6f25e5ba824a089c29ffc189e3d9fa
+msgid "Canaille provides an interface to manage user profiles."
+msgstr ""
+
+#: ../../doc/features.rst:35 a9d65d4febee4017b66ba6bb0625cc56
+msgid ""
+"The exact list of displayed fields, and whether they are :attr:`writable "
+"<canaille.core.configuration.ACLSettings.WRITE>` or :attr:`read-only "
+"<canaille.core.configuration.ACLSettings.READ>` depends on the user "
+":class:`Access Control List settings (ACL) "
+"<canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../../doc/features.rst:37 a484e00099a34cb392f066e6ecf7b4da
+msgid ""
+"Depending on their ACL :class:`permissions "
+"<canaille.core.configuration.Permission>`, users can either be allowed to"
+" edit their own profile, edit any user profile, or do nothing at all."
+msgstr ""
+
+#: ../../doc/features.rst:42 17a358cc687f40baa93945f60bf2450c
+msgid "Email confirmation"
+msgstr ""
+
+#: ../../doc/features.rst:44 80e5ef23503145249170a2e3a625bbd7
+msgid ""
+"If the :attr:`email confirmation feature "
+"<canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is "
+"enabled, any modification or addition of a profile email will send a "
+"confirmation mail to the new address. The mail will contain a link that "
+"users will need to click on to confirm their email address."
+msgstr ""
+
+#: ../../doc/features.rst:46 ccaf12399e2c40ce9220365c17d74104
+msgid ""
+"Users with :attr:`user management permission "
+"<canaille.core.configuration.Permission.MANAGE_USERS>` can set user "
+"emails without confirmation though."
+msgstr ""
+
+#: ../../doc/features.rst:51 7116048766294e9abe6bf44cbe2f45f9
+msgid "Group management"
+msgstr ""
+
+#: ../../doc/features.rst:53 ../../doc/features.rst:140
+#: 2582411685fc4e3e805cb77dd0463798 df947bdf6ba344d38f554bef593d3741
+msgid "Group edition"
+msgstr ""
+
+#: ../../doc/features.rst:58 11e72b5c82144b689b036ace6700843c
+msgid ""
+"In a similar fashion than :ref:`profile management "
+"<feature_profile_management>` Canaille provides an interface to manage "
+"user groups."
+msgstr ""
+
+#: ../../doc/features.rst:60 d11e558897b04ffababb10318a6b5f2b
+msgid ""
+"The group management is quite simple at the moment and consists in a "
+"group name and description, and the list of its members. Group membership"
+" can be use as :attr:`ACL Filter "
+"<canaille.core.configuration.ACLSettings.FILTER>` to define user "
+"permissions."
+msgstr ""
+
+#: ../../doc/features.rst:63 ../../doc/features.rst:83
+#: ../../doc/features.rst:149 452843219c6c46e9bacd90e4adb242b7
+#: 7780e9f22e1e43ab910c74b8966cb7a7 d11cd0241ede4993b6af5a5310a2950b
+msgid "Todo"
+msgstr ""
+
+#: ../../doc/features.rst:64 a7c91346331a4c6d8d406559aee9e4ad
+msgid ""
+"At the moment adding an user to a group can only be achieved by the user "
+"settings page, but we are :issue:`working to improve this <192>`."
+msgstr ""
+
+#: ../../doc/features.rst:66 ddac4f63bacf466da3c81a45deed362b
+msgid ""
+"Group management can be enable with a :attr:`dedicated user permission "
+"<canaille.core.configuration.Permission.MANAGE_GROUPS>`."
+msgstr ""
+
+#: ../../doc/features.rst:69 02fc1852031348109c514910af49d79d
+msgid ""
+"Due to limitations in the :ref:`LDAP backend <tutorial/databases:LDAP>`, "
+"groups must have at least one member. Thus it is not possible to remove "
+"the last user of a group without removing the group."
+msgstr ""
+
+#: ../../doc/features.rst:75 9138d2dc221e48a89db82c2f90cb6004
+msgid "User authentication"
+msgstr ""
+
+#: ../../doc/features.rst:77 599f5b4f86fc4bfa8a2f74c091509be6
+msgid ""
+"Unless their account is :ref:`locked <feature_account_locking>`, users "
+"can authenticate with a login and a password."
+msgstr ""
+
+#: ../../doc/features.rst:81 fc9cfcefd5b04ed9979f03f7b23f599a
+msgid ""
+"For security reasons, it won't be told to users if they try to sign in "
+"with an unexisting logging, unless explicitly :attr:`set in the "
+"configuration "
+"<canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS>`."
+msgstr ""
+
+#: ../../doc/features.rst:83 560da801dd7148caa69f2890c7edb1ad
+msgid ""
+":ref:`LDAP backend <tutorial/databases:LDAP>` users can define which "
+":class:`user field <canaille.core.models.User>` should be used as the "
+"login (such as :attr:`~canaille.core.models.User.user_name` or "
+":attr:`~canaille.core.models.User.emails`) using a :attr:`configuration "
+"parameter "
+"<canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER>`, but "
+"other backends can only login using "
+":attr:`~canaille.core.models.User.user_name`. We are :issue:`working to "
+"improve this <196>`."
+msgstr ""
+
+#: ../../doc/features.rst:88 15d60dc74987433abaa7715bc2a8b1e8
+msgid "User registration"
+msgstr ""
+
+#: ../../doc/features.rst:90 c75a651a12fb4c40b52dbd5f329b410a
+msgid ""
+"Users can create accounts on Canaille if the feature :attr:`registration "
+"feature <canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION>` "
+"is enabled. They will be able to fill a registration form with the fields"
+" detailed in the default :class:`ACL settings "
+"<canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../../doc/features.rst:92 e519d1c77da3425f9b295f18c14992c6
+msgid ""
+"If :attr:`email confirmation "
+"<canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is also "
+"enabled, users will be sent a confirmation link to their email address, "
+"on which they will need to click in order to finalize their registration."
+msgstr ""
+
+#: ../../doc/features.rst:97 ../../doc/features.rst:99
+#: 59c5b1831e6e459a8172647afa544c70 994ef18eb3c541db872d00f1dc525459
+msgid "User invitation"
+msgstr ""
+
+#: ../../doc/features.rst:104 38af20e16103418995dc773d712f3a42
+msgid ""
+"If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is "
+"configured, users with :attr:`user management permission "
+"<canaille.core.configuration.Permission.MANAGE_USERS>` can create an "
+"invitation link for one user."
+msgstr ""
+
+#: ../../doc/features.rst:106 cb210bc27c7242418d4e32754a9ec962
+msgid ""
+"The link goes to a registration form, even if regular :ref:`user "
+"registration <feature_user_registration>` is disabled."
+msgstr ""
+
+#: ../../doc/features.rst:108 ea267ce493e7490cb3eba5254f5cacdb
+msgid "It can be automatically sent by email to the new user."
+msgstr ""
+
+#: ../../doc/features.rst:113 2bcaa899d56a477bbd3d74aeb27c9c80
+msgid "Account locking"
+msgstr ""
+
+#: ../../doc/features.rst:115 ccb64741bf69439baf2151d317752457
+msgid ""
+"If Canaille is plugged to a :ref:`backend <features:Backends>` that "
+"supports it, user accounts can be locked by users with :attr:`user "
+"management permission "
+"<canaille.core.configuration.Permission.MANAGE_USERS>`. The lock date can"
+" be set instantly or at a given date in the future."
+msgstr ""
+
+#: ../../doc/features.rst:118 a72241fb75fc4d9eac776773d4b5f4ea
+msgid "At the moment a user account is locked:"
+msgstr ""
+
+#: ../../doc/features.rst:120 2faef50ed550468c99aaa015e00e9365
+msgid "their open sessions will be closed;"
+msgstr ""
+
+#: ../../doc/features.rst:121 ed34e7ffc4b348f291529b9783470441
+msgid "they won't be able to sign in again;"
+msgstr ""
+
+#: ../../doc/features.rst:122 3f6f9480b62b4c9787464f801bd2d615
+msgid "no new OIDC token will be issued;"
+msgstr ""
+
+#: ../../doc/features.rst:124 27dff00fd7734b5e939f9556d8f393cc
+msgid ""
+"User accounts must be manually unlocked by an administrator for the users"
+" to regain access to those actions."
+msgstr ""
+
+#: ../../doc/features.rst:129 18877ac7cd334a7e805f249be9dda7bd
+msgid "Account deletion"
+msgstr ""
+
+#: ../../doc/features.rst:131 466be52a8d3742f690a40c60282e191d
+msgid ""
+"Users with the :attr:`account deletion permission "
+"<canaille.core.configuration.Permission.DELETE_ACCOUNT>` are allowed to "
+"delete their own account."
+msgstr ""
+
+#: ../../doc/features.rst:133 6d7c914e79544587970b4dbb598b5c5e
+msgid ""
+"Users that also have the :attr:`user management permission "
+"<canaille.core.configuration.Permission.MANAGE_USERS>` are also allowed "
+"to delete other users accounts."
+msgstr ""
+
+#: ../../doc/features.rst:138 bc8a76ec346746f2b515dcb3b1cf4734
+msgid "Password recovery"
+msgstr ""
+
+#: ../../doc/features.rst:145 a9d170d27fff47ef9463c8025637c636
+msgid ""
+"If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is "
+"configured and the :attr:`password recovery feature "
+"<canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY>` is "
+"enabled, then users can ask for a password reset email if they cannot "
+"remember their password."
+msgstr ""
+
+#: ../../doc/features.rst:147 5a6261c226d64919a2880c50a30ae85f
+msgid ""
+"The email will be sent to the email addresses filled in their profile, "
+"and will contain a link that will allow them to choose a new password. ."
+msgstr ""
+
+#: ../../doc/features.rst:151 8e5fc9b32b9d4fe3a70e5af66a2adbe6
+msgid "Check that password recovery is disabled on locked accounts."
+msgstr ""
+
+#: ../../doc/features.rst:156 1c5599b3936243d6915faf737cc31202
+msgid "Password reset"
+msgstr ""
+
+#: ../../doc/features.rst:158 5a6de5b373b9482e98f5b746eaaba299
+msgid ""
+"If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is "
+"configured, :attr:`user management permission "
+"<canaille.core.configuration.Permission.MANAGE_USERS>` can send password "
+"reset mails to users. The mails contains a link that allow users to "
+"choose a new password without having to retrieve the old one."
+msgstr ""
+
+#: ../../doc/features.rst:164 8dcac96c9eac4b85a5733ef2ac8e70b2
+msgid "Password initialization"
+msgstr ""
+
+#: ../../doc/features.rst:166 c0d88fbec85f4621972b1157787ca945
+msgid ""
+"User :attr:`passwords <canaille.core.models.User.password>` are optional."
+" If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is "
+"configured, when users with no password attempt to sign in, they are "
+"invited to click a button that will send them a password initialization "
+"mail. The mail contains a link that leads to a form that allows users to "
+"choose a password."
+msgstr ""
+
+#: ../../doc/features.rst:173 cb684709c95741afb52044d915ad837e
+msgid "Password compromission check"
+msgstr ""
+
+#: ../../doc/features.rst:175 cc99e8db7a8a4c2397f9466cd156cce3
+msgid ""
+"If :attr:`password compromission check feature "
+"<canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK>`"
+" is enabled, Canaille will check for password compromise on HIBP "
+"(https://haveibeenpwned.com/) every time a new password is register. You "
+"will need to set an :attr:`admin email "
+"<canaille.core.configuration.CoreSettings.ADMIN_EMAIL>`."
+msgstr ""
+
+#: ../../doc/features.rst:180 578f4517d38a4c05aa17ca0e79b8e071
+msgid "Internationalization"
+msgstr ""
+
+#: ../../doc/features.rst:182 679ae11dba4244919195c79384a0ea86
+msgid "Translation state"
+msgstr ""
+
+#: ../../doc/features.rst:187 6674da14a528481fb5ecd11b163ff0b5
+msgid ""
+"Canaile will display in your :attr:`preferred language "
+"<canaille.core.models.User.preferred_language>` if available, or your "
+"browser language if available (and if it is not you can :ref:`help us "
+"with the translation <development/contributing:Translations>`). If you "
+"prefer, you can also :attr:`force a language "
+"<canaille.core.configuration.CoreSettings.FAVICON>` for every users."
+msgstr ""
+
+#: ../../doc/features.rst:193 962dc4e9e8464568ad7798304c427aa4
+msgid "Lightweight"
+msgstr ""
+
+#: ../../doc/features.rst:195 d18981ee0963473eba03eb2d29344a86
+msgid ""
+"The web interface is lightweight, so everything should load quickly. "
+"There is a few Javascript here and there to smooth the experience, but no"
+" Javascript at all is needed to use Canaille."
+msgstr ""
+
+#: ../../doc/features.rst:199 8ed7acbdc3d948cdb60c98cb5786c51c
+msgid "Customizable"
+msgstr ""
+
+#: ../../doc/features.rst:201 98abf7572fac4402b05a543a5f3fcf70
+msgid ""
+"The default theme should be good enough for most usages. It has a dark "
+"theme, display well on mobile, and let you choose a :attr:`logo "
+"<canaille.core.configuration.CoreSettings.LOGO>` and a :attr:`favicon "
+"<canaille.core.configuration.CoreSettings.FAVICON>`."
+msgstr ""
+
+#: ../../doc/features.rst:204 cdc5b7d069fb412d85a1bb73277b41f3
+msgid ""
+"If you need more you can also use a :attr:`custom theme "
+"<canaille.core.configuration.CoreSettings.THEME>`."
+msgstr ""
+
+#: ../../doc/features.rst:209 061216875fe84e5e8ff84b4d74ddcdfd
+msgid "OpenID Connect"
+msgstr ""
+
+#: ../../doc/features.rst:211 475e8e86054b4e1aae2eb5c5019b05b9
+msgid ""
+"Canaille implements a :ref:`subset<development/specifications:State of "
+"the specs in Canaille>` of the OAuth2/OpenID Connect specifications . "
+"This allows to provide :abbr:`SSO (Single Sign-On)` and :abbr:`SLO "
+"(Single Log-On)` to applications plugged to Canaille."
+msgstr ""
+
+#: ../../doc/features.rst:215 e1f9ff739e0740a992c3a6a229f58f2f
+msgid "Consent management"
+msgstr ""
+
+#: ../../doc/features.rst:223 f0f4792344ff4efb9152d9537ffdb61a
+msgid ""
+"Users can give their consent to application requesting access to their "
+"personal information, and then revoke those consent at their will."
+msgstr ""
+
+#: ../../doc/features.rst:227 901e75d3e39d47c283c795f4c81ef313
+msgid "Application management"
+msgstr ""
+
+#: ../../doc/features.rst:229 b61e5ff4d80546b8bf9f26396b041024
+msgid ""
+"Users with the right :attr:`permission "
+"<canaille.core.configuration.Permission.MANAGE_OIDC>` can manager OIDC "
+"clients through the web interface."
+msgstr ""
+
+#: ../../doc/features.rst:231 2faf8a6597544e54b9e4cdfd94e8b12d
+msgid ""
+"In some cases, it might be useful to avoid the consent page for some "
+"trusted applications, so clients can be pre-consented."
+msgstr ""
+
+#: ../../doc/features.rst:234 e3a2d439803247929d5734a944c67b6e
+msgid "Discovery"
+msgstr ""
+
+#: ../../doc/features.rst:236 a859e92abe2545ffac1945b84ded46cf
+msgid ""
+"Canaille implements the :doc:`Discovery specifications "
+"<development/specifications>` so most of the applications plugged to "
+"Canaille can auto-configure themselves."
+msgstr ""
+
+#: ../../doc/features.rst:239 021f852f70e043f8991eb63a1e9fa95b
+msgid "Dynamic Client Registration"
+msgstr ""
+
+#: ../../doc/features.rst:241 50f5368bb4f34432b78bad50f3bfc970
+msgid ""
+"Canaille implements the :doc:`Dynamic Client Registration specifications "
+"<development/specifications>`, so when the :attr:`feature is enabled "
+"<canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN>`,"
+" clients can register themselves on Canaille without an administrator "
+"intervention."
+msgstr ""
+
+#: ../../doc/features.rst:246 737fa417d0994b40bfa131c9f60fe002
+msgid "Command Line Interface"
+msgstr ""
+
+#: ../../doc/features.rst:248 22dca683e72647c5b1d7c3cb7284bb31
+msgid ""
+"Canaille comes with a :abbr:`CLI (Command Line Interface)` to help "
+"administrators in hosting and management."
+msgstr ""
+
+#: ../../doc/features.rst:250 249165589d194a80bafccad23548b445
+msgid ""
+"There are tools to :ref:`check your configuration <cli_check>` or to "
+":ref:`install missing parts <cli_install>`. You can use the CLI to "
+":ref:`create <cli_create>`, :ref:`read <cli_get>`, :ref:`update "
+"<cli_set>` and :ref:`delete <cli_delete>` models such as :class:`users "
+"<canaille.core.models.User>`, :class:`groups "
+"<canaille.core.models.Group>` or  :class:`OIDC clients "
+"<canaille.oidc.basemodels.Client>`."
+msgstr ""
+
+#: ../../doc/features.rst:253 40b8bd61352441279c4cd29652f4c1ac
+msgid ""
+"There are also tools to :ref:`fill your database <cli_populate>` with "
+"random objects, for tests purpose for instance."
+msgstr ""
+
+#: ../../doc/features.rst:258 f12ee82070274cae980dfd943216d8aa
+msgid "Backends"
+msgstr ""
+
+#: ../../doc/features.rst:260 33a7e578989247a28cab7f3c62a5d45b
+msgid ""
+"Canaille can handle data from the most :ref:`common SQL databases "
+"<tutorial/databases:SQL>` such as PostgreSQL, MariaDB or SQLite, as well "
+"as :ref:`OpenLDAP <tutorial/databases:LDAP>`. It also comes with a no-"
+"dependency :ref:`in-memory database <tutorial/databases:Memory>` that can"
+" be used in unit tests suites."
+msgstr ""
+
+#: ../../doc/features.rst:264 7d48bdc0de0c4311bc833d1a5bfba74a
+msgid "Miscellaneous"
+msgstr ""
+
+#: ../../doc/features.rst:269 8d32bbd55479403abce70eb8c9bb994f
+msgid "Logging"
+msgstr ""
+
+#: ../../doc/features.rst:271 5275f23ac2854d5c9194a48ddd5443dd
+msgid ""
+"Canaille writes :attr:`logs "
+"<canaille.core.configuration.CoreSettings.LOGGING>` for every important "
+"event happening, to help administrators understand what is going on and "
+"debug funky situations."
+msgstr ""
+
+#: ../../doc/features.rst:273 b9f379ada02c48b18293ac832faebd4b
+msgid ""
+"The following security events are logged with the tag [SECURITY] for easy"
+" retrieval :"
+msgstr ""
+
+#: ../../doc/features.rst:275 32a31a8d8ad34cc18aef5adec77e9a3b
+msgid "Authentication attempt"
+msgstr ""
+
+#: ../../doc/features.rst:276 553bb32d08e841cb9c4e140ac0de0773
+msgid "Password update"
+msgstr ""
+
+#: ../../doc/features.rst:277 bfba87a6577c42848d8353bf21233ac6
+msgid "Email update"
+msgstr ""
+
+#: ../../doc/features.rst:278 711f69f6c65047c1bfbddc6235961247
+msgid "Forgotten password mail sent to user"
+msgstr ""
+
+#: ../../doc/features.rst:279 b95d47d79d2842738c9b590b76eced39
+msgid "Token emission"
+msgstr ""
+
+#: ../../doc/features.rst:280 6659cb54ee2c4b27b26b810af990bf79
+msgid "Token refresh"
+msgstr ""
+
+#: ../../doc/features.rst:281 db0590d0caff45818dffed4a4a6c34f8
+msgid "Token revokation"
+msgstr ""
+
+#: ../../doc/features.rst:282 cba7d27c08da40edbc1b9fcbe6d30a64
+msgid "New consent given for client application"
+msgstr ""
+
+#: ../../doc/features.rst:283 d35330606f194040bbc333ba55a884b9
+msgid "Consent revokation"
+msgstr ""
+
+#: ../../doc/features.rst:288 7c833e8f95e9411fa0aadb6886087873
+msgid "A tool for your development and tests"
+msgstr ""
+
+#: ../../doc/features.rst:290 76258411ae3b4d849449432f52e84d17
+msgid ""
+"Thanks to its lightweight :ref:`in-memory database "
+"<tutorial/databases:Memory>` and its curated :ref:`dependency list "
+"<tutorial/install:Get the code>`, Canaille can be used in the unit test "
+"suite of your application, so you can check how it behaves against a real"
+" world OpenID Connect server. If you work with python you might want to "
+"check :doc:`pytest-iam:index`."
+msgstr ""
+
+#: ../../doc/features.rst:292 ac52a0941d9e4bd2b362ecf152aeb68d
+msgid ""
+"It can also being launched in your development environment, if you find "
+"that launching a Keycloak in a Docker container is too heavy for your "
+"little web application."
+msgstr ""
+
+#: ../../doc/features.rst:294 0efaf00bc4144e27bf54251a6a9bd21e
+msgid ""
+"It also fits well in continuous integration scenarios. Thanks to its "
+":ref:`CLI <feature_cli>`, you can prepare data in Canaille, let your "
+"application interact with it, and then check the side effects."
+msgstr ""
+
+#: ../../doc/features.rst:297 7a9aa943072042589a5d46ce6298f3e5
+msgid "Roadmap"
+msgstr ""
+
+#: ../../doc/features.rst:300 ed46b8b841e5494dba2f70bd26de027e
+msgid "Bêta version"
+msgstr ""
+
+#: ../../doc/features.rst:302 683699158de54b9fb6b281cf025c3d13
+msgid ""
+"To go out of the current Alpha version we want to achieve the following "
+"tasks:"
+msgstr ""
+
+#: ../../doc/features.rst:304 748e096bb8d94c01be4a837a50a3f8c0
+msgid ":issue:`Configuration validation using pydantic <138>`"
+msgstr ""
+
+#: ../../doc/features.rst:307 c9315e497eb840e98135b31e13bbe300
+msgid "Stable version"
+msgstr ""
+
+#: ../../doc/features.rst:309 c273a186afb04e64b9c0a6935e77a247
+msgid ""
+"Before we push Canaille in stable version we want to achieve the "
+"following tasks:"
+msgstr ""
+
+#: ../../doc/features.rst:312 6f25e781a50c4c3b873263ee8b7445c4
+msgid "Security"
+msgstr ""
+
+#: ../../doc/features.rst:314 afa955100edc4cf69fe911def2c17fe1
+msgid ":issue:`Password hashing configuration <175>`"
+msgstr ""
+
+#: ../../doc/features.rst:315 83b477b8dd8d4f86a619fb8c69f6334f
+msgid ":issue:`Authentication logging policy <177>`"
+msgstr ""
+
+#: ../../doc/features.rst:316 86aa13e5c390443dabeb1dac7218c0e4
+msgid ":issue:`Intruder lockout <173>`"
+msgstr ""
+
+#: ../../doc/features.rst:317 c12a638956a944d8ac8e7630af28728c
+msgid ":issue:`Password expiry policy <176>`"
+msgstr ""
+
+#: ../../doc/features.rst:318 84e6f66279434b8295367ad2e2aaf493
+msgid ":issue:`Multi-factor authentication: Email <47>`"
+msgstr ""
+
+#: ../../doc/features.rst:319 89672221e2a549738b6b93ef5a7fa40a
+msgid ":issue:`Multi-factor authentication: SMS <47>`"
+msgstr ""
+
+#: ../../doc/features.rst:320 22f8692707ee4ef0beec4e65d67b7a24
+msgid ":issue:`Multi-factor authentication: OTP <47>`"
+msgstr ""
+
+#: ../../doc/features.rst:323 f133501d55674c388d07ebf7d05d7470
+msgid "Packaging"
+msgstr ""
+
+#: ../../doc/features.rst:325 e7e65e86dcef441c99b85029acc08b69
+msgid ":issue:`Nix package <190>`"
+msgstr ""
+
+#: ../../doc/features.rst:326 0cc24c93080a4abb89bb5d9c99084083
+msgid ":issue:`Docker / OCI package <59>`"
+msgstr ""
+
+#: ../../doc/features.rst:329 76fdc47c40d54ef9b77d042b2720bf47
+msgid "And beyond"
+msgstr ""
+
+#: ../../doc/features.rst:331 4c3e31176fa04cd7ba4d6f335eefd194
+msgid ":issue:`OpenID Connect certification <182>`"
+msgstr ""
+
+#: ../../doc/features.rst:332 e037868b60534210869e76ff89bf2d12
+msgid ":issue:`SCIM support <116>`"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/index.po b/doc/locales/fr_FR/LC_MESSAGES/index.po
new file mode 100644
index 00000000..5885fc88
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/index.po
@@ -0,0 +1,93 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/index.rst:15 f44fd8eed33248cb86e37736bd2c9a51
+msgid "Lightweight Identity and Authorization Management"
+msgstr "Serveur d’identité et d'autorisations ultra-léger"
+
+#: ../../doc/index.rst:19 581631e22f4e47098270d48215814ba8
+msgid ""
+"**Canaille** is a French word meaning *rascal*. It is roughly pronounced "
+"**Can I?**, as in *Can I access your data?* Canaille is a lightweight "
+"identity and authorization management software. It aims to be very light,"
+" simple to install and simple to maintain. Its main features are :"
+msgstr ""
+
+#: ../../doc/index.rst:27 d5af5012db4f40efae832c81859a8dc4
+msgid "Profile management"
+msgstr ""
+
+#: ../../doc/index.rst:31 6a7f0738d1414a18b39ca620be9d7e71
+msgid "User profile and groups management, Basic permissions"
+msgstr ""
+
+#: ../../doc/index.rst:34 339b2e015a9442ebbf5e94747fcc6250
+msgid "User authentication"
+msgstr ""
+
+#: ../../doc/index.rst:38 e049fc56882742a2ad91c734bda3472b
+msgid ""
+"Authentication, registration, email confirmation, \"I forgot my "
+"password\" emails"
+msgstr ""
+
+#: ../../doc/index.rst:40 b1062145a9da47fdb6c68e6d6f69c034
+msgid "SSO"
+msgstr ""
+
+#: ../../doc/index.rst:44 9b17b5386fca4972bc24ee5990cfa994
+msgid "OpenID Connect identity provider"
+msgstr ""
+
+#: ../../doc/index.rst:46 e0788c1957c64cf2908e69ad503ada1e
+msgid "Multi-database support"
+msgstr ""
+
+#: ../../doc/index.rst:50 0e63c7d9785447b4aae14b4464f1d0f8
+msgid "PostgreSQL, Mariadb and OpenLDAP first-class citizenship"
+msgstr ""
+
+#: ../../doc/index.rst:52 0e935d0e908a4b2dae80193f7e4f9434
+msgid "Customization"
+msgstr ""
+
+#: ../../doc/index.rst:56 50f5dc14580f4f2db4e8c307c031c3e2
+msgid "Put Canaille at yours colors by choosing a logo or use a custom theme!"
+msgstr ""
+
+#: ../../doc/index.rst:58 9e5106a0e8874b16b7a1031cb7b266e5
+msgid "Developers friendliness"
+msgstr ""
+
+#: ../../doc/index.rst:62 dc6773fa0ab4474181277ecdaaafc2e8
+msgid ""
+"Canaille can easily fit in your unit tests suite or in your Continuous "
+"Integration."
+msgstr ""
+
+#: ../../doc/index.rst:66 69e3bf94cb39467d9d0836d73de77f58
+msgid ":doc:`Full feature list <features>`"
+msgstr ""
+
+#: ../../doc/index.rst:70 f8d60881cb6d4f59ad97ea3d7b740de5
+msgid "Documentation"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/references.po b/doc/locales/fr_FR/LC_MESSAGES/references.po
new file mode 100644
index 00000000..0ce7646f
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/references.po
@@ -0,0 +1,1831 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:35+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/references/commands.rst:2
+msgid "Command Line Interface"
+msgstr ""
+
+#: ../../doc/references/commands.rst:4
+msgid "Canaille provide several commands to help administrator manage their data."
+msgstr ""
+
+#: ../../doc/references/commands.rst:6
+msgid ""
+"Generally, some configuration has to be loaded by `Canaille`. This can be"
+" achieved by :ref:`configuration loading "
+"method<references/configuration:Load the configuration>` available, but "
+"most of the time a ``CONFIG`` environment variable is used. For the sake "
+"of readability, it is omitted in the following examples."
+msgstr ""
+
+#: ../../canaille check:1
+msgid "Test the configuration file."
+msgstr ""
+
+#: ../../canaille check:1
+msgid ""
+"Attempt to reach the database and the SMTP server with the provided "
+"credentials."
+msgstr ""
+
+#: ../../canaille clean:1
+msgid "Remove expired tokens and authorization codes."
+msgstr ""
+
+#: ../../canaille install:1
+msgid "Installs canaille elements from the configuration."
+msgstr ""
+
+#: ../../canaille install:1
+msgid ""
+"For instance, depending on the configuration, this can generate OIDC keys"
+" or install LDAP schemas."
+msgstr ""
+
+#: ../../canaille populate:1
+msgid "Populate the database with generated random data."
+msgstr ""
+
+#: ../../doc/references/commands.rst
+msgid "Options"
+msgstr ""
+
+#: ../../canaille populate:1
+msgid "Number of items to create"
+msgstr ""
+
+#: ../../canaille groups:1 populate
+msgid "Populate the database with generated random groups."
+msgstr ""
+
+#: ../../canaille groups:1 populate
+msgid "The maximum number of users that will randomly be affected in the group"
+msgstr ""
+
+#: ../../canaille populate users:1
+msgid "Populate the database with generated random users."
+msgstr ""
+
+#: ../../canaille get:1
+msgid "Read information about models."
+msgstr ""
+
+#: ../../canaille get:1
+msgid "Options can be used to filter models::"
+msgstr ""
+
+#: ../../canaille get:1
+msgid "Displays the matching models in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille authorizationcode:1 get
+msgid "Search for authorizationcodes and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille client:1 get
+msgid "Search for clients and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille consent:1 get
+msgid "Search for consents and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get group:1
+msgid "Search for groups and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get token:1
+msgid "Search for tokens and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille get user:1
+msgid "Search for users and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille set:1
+msgid "Update models."
+msgstr ""
+
+#: ../../canaille set:1
+msgid "The command takes an model ID and edit one or several attributes::"
+msgstr ""
+
+#: ../../canaille set:1
+msgid "Displays the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille authorizationcode:1 set
+msgid ""
+"Update a authorizationcode and display the edited model in JSON format in"
+" the standard output."
+msgstr ""
+
+#: ../../canaille authorizationcode:1 delete set
+msgid "IDENTIFIER should be a authorizationcode id or authorization_code_id"
+msgstr ""
+
+#: ../../doc/references/commands.rst
+msgid "Arguments"
+msgstr ""
+
+#: ../../canaille authorizationcode:1 client:1 consent:1 delete group:1 set
+#: token:1 user:1
+msgid "Required argument"
+msgstr ""
+
+#: ../../canaille client:1 set
+msgid ""
+"Update a client and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille client:1 delete set
+msgid "IDENTIFIER should be a client id or client_id"
+msgstr ""
+
+#: ../../canaille consent:1 set
+msgid ""
+"Update a consent and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille consent:1 delete set
+msgid "IDENTIFIER should be a consent id or consent_id"
+msgstr ""
+
+#: ../../canaille group:1 set
+msgid ""
+"Update a group and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille delete group:1 set
+msgid "IDENTIFIER should be a group id or display_name"
+msgstr ""
+
+#: ../../canaille set token:1
+msgid ""
+"Update a token and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille delete set token:1
+msgid "IDENTIFIER should be a token id or token_id"
+msgstr ""
+
+#: ../../canaille set user:1
+msgid ""
+"Update a user and display the edited model in JSON format in the standard"
+" output."
+msgstr ""
+
+#: ../../canaille delete set user:1
+msgid "IDENTIFIER should be a user id or user_name"
+msgstr ""
+
+#: ../../canaille create:1
+msgid "Create models."
+msgstr ""
+
+#: ../../canaille create:1
+msgid "The model attributes can be passed as command options::"
+msgstr ""
+
+#: ../../canaille create:1
+msgid "Displays the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille authorizationcode:1 create
+msgid ""
+"Create a new authorizationcode and display the created model in JSON "
+"format in the standard output."
+msgstr ""
+
+#: ../../canaille client:1 create
+msgid ""
+"Create a new client and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille consent:1 create
+msgid ""
+"Create a new consent and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille create group:1
+msgid ""
+"Create a new group and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille create token:1
+msgid ""
+"Create a new token and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille create user:1
+msgid ""
+"Create a new user and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille delete:1
+msgid "Delete models."
+msgstr ""
+
+#: ../../canaille delete:1
+msgid "The command takes a model ID and deletes it::"
+msgstr ""
+
+#: ../../canaille authorizationcode:1 delete
+msgid "Delete a authorizationcode."
+msgstr ""
+
+#: ../../canaille client:1 delete
+msgid "Delete a client."
+msgstr ""
+
+#: ../../canaille consent:1 delete
+msgid "Delete a consent."
+msgstr ""
+
+#: ../../canaille delete group:1
+msgid "Delete a group."
+msgstr ""
+
+#: ../../canaille delete token:1
+msgid "Delete a token."
+msgstr ""
+
+#: ../../canaille delete user:1
+msgid "Delete a user."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:2
+msgid "Configuration"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:5
+msgid "Load the configuration"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:7
+msgid ""
+"Canaille can be configured either by a environment variables, environment"
+" file, or by a configuration file."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:10
+msgid "Configuration file"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:12
+msgid ""
+"The configuration can be written in `toml` configuration file which path "
+"is passed in the :envvar:`CONFIG` environment variable."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:14
+#: ../../doc/references/configuration.rst:85
+#: canaille.app.configuration.RootSettings:11 of
+msgid "config.toml"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:26
+msgid ""
+"You can have a look at the :ref:`example file "
+"<references/configuration:Example file>` for inspiration."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:29
+msgid "Environment variables"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:31
+msgid ""
+"In addition, parameters that have not been set in the configuration file "
+"can be read from environment variables. The way environment variables are"
+" parsed can be read from the `pydantic-settings documentation "
+"<https://docs.pydantic.dev/latest/concepts/pydantic_settings/#parsing-"
+"environment-variable-values>`_."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:36
+msgid ""
+"For environment vars, the separator between sections and variables is a "
+"double underscore: ``__``. For instance, the ``NAME`` var in the "
+"``CANAILLE`` section shown above is ``CANAILLE__NAME``."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:40
+msgid "Environment file"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:42
+msgid ""
+"Any environment variable can also be written in a ``.env``, and will be "
+"read if present."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:44
+msgid ".env"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:62
+msgid "Parameters"
+msgstr ""
+
+#: canaille.app.configuration.RootSettings:1 of
+msgid ""
+"The top-level namespace contains holds the configuration settings "
+"unrelated to Canaille."
+msgstr ""
+
+#: canaille.app.configuration.RootSettings:4 of
+msgid "The configuration paramateres from the following libraries can be used:"
+msgstr ""
+
+#: canaille.app.configuration.RootSettings:6 of
+msgid ":doc:`Flask <flask:config>`"
+msgstr ""
+
+#: canaille.app.configuration.RootSettings:7 of
+msgid ":doc:`Flask-WTF <flask-wtf:config>`"
+msgstr ""
+
+#: canaille.app.configuration.RootSettings:8 of
+msgid ":doc:`Flask-Babel <flask-babel:index>`"
+msgstr ""
+
+#: canaille.app.configuration.RootSettings:9 of
+msgid ":doc:`Authlib <authlib:flask/2/authorization-server>`"
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.DEBUG:1 of
+msgid "The Flask :external:py:data:`DEBUG` configuration setting."
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.DEBUG:3 of
+msgid "This enables debug options."
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.DEBUG:7 of
+msgid ""
+"This is useful for development but should be absolutely avoided in "
+"production environments."
+msgstr ""
+
+#: ../../docstring
+#: canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:1 of
+msgid "The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration setting."
+msgstr ""
+
+#: ../../docstring
+#: canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:4 of
+msgid "This sets the url scheme by which canaille will be served."
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.SECRET_KEY:1 of
+msgid "The Flask :external:py:data:`SECRET_KEY` configuration setting."
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.SECRET_KEY:3 of
+msgid "You MUST change this."
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.SERVER_NAME:1 of
+msgid "The Flask :external:py:data:`SERVER_NAME` configuration setting."
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.SERVER_NAME:3 of
+msgid "This sets domain name on which canaille will be served."
+msgstr ""
+
+#: canaille.core.configuration.CoreSettings:1 of
+msgid "The settings from the ``CANAILLE`` namespace."
+msgstr ""
+
+#: canaille.core.configuration.CoreSettings:3 of
+msgid ""
+"Those are all the configuration parameters that controls the behavior of "
+"Canaille."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.ACL:1 of
+msgid "Mapping of permission groups. See :class:`ACLSettings` for more details."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.ACL:3 of
+msgid "The ACL name can be freely chosen. For example::"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.ADMIN_EMAIL:1 of
+msgid "Administration email contact."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.ADMIN_EMAIL:3 of
+msgid ""
+"In certain special cases (example : questioning about password "
+"corruption), it is necessary to provide an administration contact email."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:1 of
+msgid ""
+"If :py:data:`True`, users will need to click on a confirmation link sent "
+"by email when they want to add a new email."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:4 of
+msgid ""
+"By default, this is true if ``SMTP`` is configured, else this is false. "
+"If explicitly set to true and ``SMTP`` is disabled, the email field will "
+"be read-only."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK:1
+#: of
+msgid ""
+"If :py:data:`True`, Canaille will check if passwords appears in "
+"compromission databases such as `HIBP <https://haveibeenpwned.com>`_ when"
+" users choose a new one."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY:1 of
+msgid ""
+"If :py:data:`False`, then users cannot ask for a password recovery link "
+"by email."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:1 of
+msgid ""
+"If :py:data:`True`, then users can freely create an account at this "
+"instance."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:4 of
+msgid ""
+"If email verification is available, users must confirm their email before"
+" the account is created."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.FAVICON:1 of
+msgid "You favicon."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.FAVICON:3 of
+msgid "If unset and :attr:`LOGO` is set, then the logo will be used."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:1 of
+msgid ""
+"If :py:data:`True`, when users try to sign in with an invalid login, a "
+"message is shown indicating that the password is wrong, but does not give"
+" a clue whether the login exists or not."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:5 of
+msgid ""
+"If :py:data:`False`, when a user tries to sign in with an invalid login, "
+"a message is shown indicating that the login does not exist."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.HTMX:1 of
+msgid "Accelerates webpages loading with asynchronous requests."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:1 of
+msgid "The validity duration of registration invitations, in seconds."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:3 of
+msgid "Defaults to 2 days."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.JAVASCRIPT:1 of
+msgid "Enables Javascript to smooth the user experience."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LANGUAGE:1 of
+msgid "If a language code is set, it will be used for every user."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LANGUAGE:3 of
+msgid "If unset, the language is guessed according to the users browser."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:1 of
+msgid ""
+"Configures the logging output using the python logging configuration "
+"format:"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:3 of
+msgid ""
+"if :py:data:`None`, everything is logged in the standard error output the"
+" log level is :py:data:`~logging.DEBUG` if the "
+":attr:`~canaille.app.configuration.RootSettings.DEBUG` setting is "
+":py:data:`True`, else this is :py:data:`~logging.INFO`"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:6 of
+msgid ""
+"if this is a :class:`dict`, it is passed to "
+":func:`logging.config.dictConfig`:"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:7 of
+msgid ""
+"if this is a :class:`str`, it is expected to be a file path that will be "
+"passed to :func:`logging.config.fileConfig`"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:10 of
+msgid "For example::"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGO:1 of
+msgid ""
+"The logo of your organization, this is useful to make your organization "
+"recognizable on login screens."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:1 of
+msgid "Maximum length for user password."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:3 of
+msgid ""
+"There is a technical limit with passlib used by sql database of 4096 "
+"characters. If the value entered is 0 or None, or greater than 4096, then"
+" 4096 will be retained."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:1 of
+msgid "Minimum length for user password."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:3 of
+msgid "It is possible not to set a minimum, by entering None or 0."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.NAME:1 of
+msgid "Your organization name."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.NAME:3 of
+msgid "Used for display purpose."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL:1
+#: of
+msgid "Have i been pwned api url for compromission checks."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.SENTRY_DSN:1 of
+msgid "A `Sentry <https://sentry.io>`_ DSN to collect the exceptions."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.SENTRY_DSN:3 of
+msgid "This is useful for tracking errors in test and production environments."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.SMTP:1 of
+msgid "The settings related to SMTP and mail configuration."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.SMTP:3 of
+msgid "If unset, mail-related features like password recovery won't be enabled."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.THEME:1 of
+msgid "The name of a theme in the 'theme' directory, or a path to a theme."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.THEME:3 of
+msgid ""
+"Defaults to ``default``. Theming is done with `flask-themer "
+"<https://github.com/tktech/flask-themer>`_."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.TIMEZONE:1 of
+msgid ""
+"The timezone in which datetimes will be displayed to the users (e.g. "
+"``CEST``)."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.TIMEZONE:4 of
+msgid "If unset, the server timezone will be used."
+msgstr ""
+
+#: canaille.core.configuration.SMTPSettings:1 of
+msgid ""
+"The SMTP configuration. Belong in the ``CANAILLE.SMTP`` namespace. If "
+"unset, mail related features will be disabled, such as mail verification "
+"or password recovery emails."
+msgstr ""
+
+#: canaille.core.configuration.SMTPSettings:5 of
+msgid ""
+"By default, Canaille will try to send mails from localhost without "
+"authentication."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.FROM_ADDR:1 of
+msgid "The sender for Canaille mails."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.FROM_ADDR:3 of
+msgid "Some mail provider might require a valid sender address."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.HOST:1 of
+msgid "The SMTP host."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.LOGIN:1 of
+msgid "The SMTP login."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.PASSWORD:1 of
+msgid "The SMTP password."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.PORT:1 of
+msgid "The SMTP port."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.SSL:1 of
+msgid "Whether to use SSL to connect to the SMTP server."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.TLS:1 of
+msgid "Whether to use TLS to connect to the SMTP server."
+msgstr ""
+
+#: canaille.core.configuration.ACLSettings:1 of
+msgid "Access Control List settings. Belong in the ``CANAILLE.ACL`` namespace."
+msgstr ""
+
+#: canaille.core.configuration.ACLSettings:3 of
+msgid ""
+"You can define access controls that define what users can do on canaille "
+"An access control consists in a :attr:`FILTER` to match users, a list of "
+":attr:`PERMISSIONS` matched users will be able to perform, and fields "
+"users will be able to :attr:`READ` and :attr:`WRITE`. Users matching "
+"several filters will cumulate permissions."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:1 of
+msgid ":attr:`FILTER` can be:"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:3 of
+msgid ""
+":py:data:`None`, in which case all the users will match this access "
+"control"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:4 of
+msgid ""
+"a mapping where keys are user attributes name and the values those user "
+"attribute values. All the values must be matched for the user to be part "
+"of the access control."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:7 of
+msgid ""
+"a list of those mappings. If a user values match at least one mapping, "
+"then the user will be part of the access control"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:10 of
+msgid "Here are some examples::"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.PERMISSIONS:1 of
+msgid ""
+"A list of :class:`Permission` users in the access control will be able to"
+" manage. For example::"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.READ:1 of
+msgid ""
+"A list of :class:`~canaille.core.models.User` attributes that users in "
+"the ACL will be able to read."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.WRITE:1 of
+msgid ""
+"A list of :class:`~canaille.core.models.User` attributes that users in "
+"the ACL will be able to edit."
+msgstr ""
+
+#: canaille.core.configuration.Permission:1 of
+msgid "The permissions that can be assigned to users."
+msgstr ""
+
+#: canaille.core.configuration.Permission:3 of
+msgid ""
+"The permissions are intended to be used in :attr:`ACLSettings "
+"<canaille.core.configuration.ACLSettings.PERMISSIONS>`."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.DELETE_ACCOUNT:1 of
+msgid "Allows users to delete their account."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.DELETE_ACCOUNT:3 of
+msgid ""
+"If used with "
+":attr:`~canaille.core.configuration.Permission.MANAGE_USERS`, users can "
+"delete any account."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.EDIT_SELF:1 of
+msgid "Allows users to edit their own profile."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.IMPERSONATE_USERS:1
+#: of
+msgid "Allows users to take the identity of another user."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.MANAGE_GROUPS:1 of
+msgid "Allows group edition and creation."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.MANAGE_OIDC:1 of
+msgid "Allows OpenID Connect client managements."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.MANAGE_USERS:1 of
+msgid "Allows other users management."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.USE_OIDC:1 of
+msgid "Allows OpenID Connect authentication."
+msgstr ""
+
+#: canaille.oidc.configuration.OIDCSettings:1 of
+msgid "OpenID Connect settings."
+msgstr ""
+
+#: canaille.oidc.configuration.OIDCSettings:3 of
+msgid "Belong in the ``CANAILLE_OIDC`` namespace."
+msgstr ""
+
+#: ../../docstring
+#: canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:1
+#: of
+msgid "Whether a token is needed for the RFC7591 dynamical client registration."
+msgstr ""
+
+#: ../../docstring
+#: canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:3
+#: of
+msgid ""
+"If :py:data:`True`, no token is needed to register a client. If "
+":py:data:`False`, dynamical client registration needs a token defined in "
+":attr:`DYNAMIC_CLIENT_REGISTRATION_TOKENS`."
+msgstr ""
+
+#: ../../docstring
+#: canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_TOKENS:1
+#: of
+msgid "A list of tokens that can be used for dynamic client registration."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.OIDCSettings.JWT:1 of
+msgid "JSON Web Token settings."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:1 of
+msgid "Force the nonce exchange during the authentication flows."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:3 of
+msgid "This adds security but may not be supported by all clients."
+msgstr ""
+
+#: canaille.oidc.configuration.JWTSettings:1 of
+msgid "JSON Web Token settings. Belong in the ``CANAILLE_OIDC.JWT`` namespace."
+msgstr ""
+
+#: canaille.oidc.configuration.JWTSettings:3 of
+msgid "You can generate a RSA keypair with::"
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.ALG:1 of
+msgid "The key algorithm."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.EXP:1 of
+msgid "The time the JWT will be valid, in seconds."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.ISS:1 of
+msgid "The URI of the identity provider."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.KTY:1 of
+msgid "The key type."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:1 of
+msgid "The private key."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:3
+#: canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:3 of
+msgid ""
+"If :py:data:`None` and debug mode is enabled, then an in-memory key will "
+"be used."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:1 of
+msgid "The public key."
+msgstr ""
+
+#: canaille.oidc.configuration.JWTMappingSettings:1 of
+msgid "Mapping between the user model and the JWT fields."
+msgstr ""
+
+#: canaille.oidc.configuration.JWTMappingSettings:3 of
+msgid "Fields are evaluated with jinja. A ``user`` var is available."
+msgstr ""
+
+#: canaille.backends.sql.configuration.SQLSettings:1 of
+msgid "Settings related to the SQL backend."
+msgstr ""
+
+#: canaille.backends.sql.configuration.SQLSettings:3 of
+msgid "Belong in the ``CANAILLE_SQL`` namespace."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:1 of
+msgid "The SQL server URI. For example::"
+msgstr ""
+
+#: canaille.backends.ldap.configuration.LDAPSettings:1 of
+msgid "Settings related to the LDAP backend."
+msgstr ""
+
+#: canaille.backends.ldap.configuration.LDAPSettings:3 of
+msgid "Belong in the ``CANAILLE_LDAP`` namespace."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.BIND_DN:1
+#: of
+msgid "The LDAP bind DN."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.BIND_PW:1
+#: of
+msgid "The LDAP bind password."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:1 of
+msgid "The LDAP node under which groups will be looked for and saved."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:3 of
+msgid "For instance `\"ou=groups,dc=mydomain,dc=tld\"`."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_CLASS:1 of
+msgid "The object class to use for creating new groups."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_NAME_ATTRIBUTE:1 of
+msgid "The attribute to use to identify a group."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_RDN:1 of
+msgid "The attribute to identify an object in the Group DN."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.ROOT_DN:1
+#: of
+msgid "The LDAP root DN."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.TIMEOUT:1
+#: of
+msgid "The LDAP connection timeout."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.URI:1 of
+msgid "The LDAP server URI."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:1 of
+msgid "The LDAP node under which users will be looked for and saved."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:3 of
+msgid "For instance `ou=users,dc=mydomain,dc=tld`."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_CLASS:1 of
+msgid "The object class to use for creating new users."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:1 of
+msgid "Filter to match users on sign in."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:3 of
+msgid ""
+"For instance ``(|(uid={{ login }})(mail={{ login }}))``. Jinja syntax is "
+"supported and a ``login`` variable is available, containing the value "
+"passed in the login field."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.USER_RDN:1
+#: of
+msgid "The attribute to identify an object in the User DN."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:81
+msgid "Example file"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:83
+msgid "Here is a configuration file example:"
+msgstr ""
+
+#: ../../doc/references/index.rst:2
+msgid "References"
+msgstr ""
+
+#: ../../doc/references/models.rst:2
+msgid "Data models"
+msgstr ""
+
+#: ../../doc/references/models.rst:4
+msgid ""
+"This reference details the data models used by Canaille. This is mostly "
+"useful for developers."
+msgstr ""
+
+#: canaille.backends.models.BackendModel:1 canaille.backends.models.Model:1 of
+msgid "Bases: :py:class:`object`"
+msgstr ""
+
+#: canaille.backends.models.BackendModel:1 of
+msgid "The backend model abstract class."
+msgstr ""
+
+#: canaille.backends.models.BackendModel:3 of
+msgid ""
+"It details all the methods and attributes that are expected to be "
+"implemented for every model and for every backend."
+msgstr ""
+
+#: canaille.backends.models.Model:1 of
+msgid "The model abstract class."
+msgstr ""
+
+#: canaille.backends.models.Model:3 of
+msgid "It details all the common attributes shared by every models."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.created:1 of
+msgid ""
+"The :class:`~datetime.datetime` that the resource was added to the "
+"service provider."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.id:1 of
+msgid ""
+"A unique identifier for a SCIM resource as defined by the service "
+"provider. Id will be :py:data:`None` until the "
+":meth:`~canaille.backends.models.BackendModel.save` method is called."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.id:5 of
+msgid ""
+"Each representation of the resource MUST include a non-empty \"id\" "
+"value.  This identifier MUST be unique across the SCIM service provider's"
+" entire set of resources.  It MUST be a stable, non- reassignable "
+"identifier that does not change when the same resource is returned in "
+"subsequent requests.  The value of the \"id\" attribute is always issued "
+"by the service provider and MUST NOT be specified by the client.  The "
+"string \"bulkId\" is a reserved keyword and MUST NOT be used within any "
+"unique identifier value.  The attribute characteristics are \"caseExact\""
+" as \"true\", a mutability of \"readOnly\", and a \"returned\" "
+"characteristic of \"always\".  See Section 9 for additional "
+"considerations regarding privacy."
+msgstr ""
+
+#: canaille.backends.models.Model.identifier:1 of
+msgid "Returns a unique value that will be used to identify the model instance."
+msgstr ""
+
+#: canaille.backends.models.Model.identifier:4 of
+msgid ""
+"This value will be used in URLs in canaille, so it should be unique and "
+"short."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.last_modified:1 of
+msgid ""
+"The most recent :class:`~datetime.datetime` that the details of this "
+"resource were updated at the service provider."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.last_modified:4 of
+msgid ""
+"If this resource has never been modified since its initial creation, the "
+"value MUST be the same as the value of "
+":attr:`~canaille.backends.models.Model.created`."
+msgstr ""
+
+#: canaille.core.models.Group:1 canaille.core.models.User:1
+#: canaille.oidc.basemodels.AuthorizationCode:1
+#: canaille.oidc.basemodels.Client:1 canaille.oidc.basemodels.Consent:1
+#: canaille.oidc.basemodels.Token:1 of
+msgid "Bases: :py:class:`~canaille.backends.models.Model`"
+msgstr ""
+
+#: canaille.core.models.Group:1 of
+msgid ""
+"User model, based on the `SCIM Group schema "
+"<https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_."
+msgstr ""
+
+#: ../../docstring canaille.core.models.Group.display_name:1 of
+msgid "A human-readable name for the Group."
+msgstr ""
+
+#: ../../docstring canaille.core.models.Group.display_name:3
+#: canaille.oidc.basemodels.Client.client_id:1 of
+msgid "REQUIRED."
+msgstr ""
+
+#: ../../docstring canaille.core.models.Group.members:1 of
+msgid "A list of members of the Group."
+msgstr ""
+
+#: ../../docstring canaille.core.models.Group.members:3 of
+msgid ""
+"While values MAY be added or removed, sub-attributes of members are "
+"\"immutable\".  The \"value\" sub-attribute contains the value of an "
+"\"id\" attribute of a SCIM resource, and the \"$ref\" sub-attribute must "
+"be the URI of a SCIM resource such as a \"User\", or a \"Group\".  The "
+"intention of the \"Group\" type is to allow the service provider to "
+"support nested groups.  Service providers MAY require clients to provide "
+"a non-empty value by setting the \"required\" attribute characteristic of"
+" a sub-attribute of the \"members\" attribute in the \"Group\" resource "
+"schema."
+msgstr ""
+
+#: canaille.core.models.User:1 of
+msgid ""
+"User model, based on the `SCIM User schema "
+"<https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_, "
+"`Entreprise User Schema Extension "
+"<https://datatracker.ietf.org/doc/html/rfc7643#section-4.3>`_ and `SCIM "
+"Password Management Extension <https://datatracker.ietf.org/doc/html"
+"/draft-hunt-scim-password-mgmt-00.html>`_ draft. Attribute description is"
+" based on SCIM and put there for information purpose. The description may"
+" not fit the current implementation in Canaille."
+msgstr ""
+
+#: canaille.core.models.User.can:1 of
+msgid ""
+"Whether or not the user has the "
+":class:`~canaille.core.configuration.Permission` according to the "
+":class:`configuration <canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.department:1 of
+msgid "Identifies the name of a department."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.display_name:1 of
+msgid "The name of the user, suitable for display to end-users."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.display_name:3 of
+msgid ""
+"Each user returned MAY include a non-empty displayName value.  The name "
+"SHOULD be the full name of the User being described, if known (e.g., "
+"\"Babs Jensen\" or \"Ms. Barbara J Jensen, III\") but MAY be a username "
+"or handle, if that is all that is available (e.g., \"bjensen\").  The "
+"value provided SHOULD be the primary textual label by which this User is "
+"normally displayed by the service provider when presenting it to end-"
+"users."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.emails:1 of
+msgid "Email addresses for the User."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.emails:3 of
+msgid ""
+"The value SHOULD be specified according to [RFC5321].  Service providers "
+"SHOULD canonicalize the value according to [RFC5321], e.g., "
+"\"bjensen@example.com\" instead of \"bjensen@EXAMPLE.COM\".  The "
+"\"display\" sub-attribute MAY be used to return the canonicalized "
+"representation of the email value. The \"type\" sub-attribute is used to "
+"provide a classification meaningful to the (human) user.  The user "
+"interface should encourage the use of basic values of \"work\", \"home\","
+" and \"other\" and MAY allow additional type values to be used at the "
+"discretion of SCIM clients."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.employee_number:1 of
+msgid ""
+"A string identifier, typically numeric or alphanumeric, assigned to a "
+"person, typically based on order of hire or association with an "
+"organization."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.family_name:1 of
+msgid ""
+"The family name of the User, or last name in most Western languages "
+"(e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.formatted_address:1 of
+msgid ""
+"The full mailing address, formatted for display or use with a mailing "
+"label."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.formatted_address:4 of
+msgid "This attribute MAY contain newlines."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.formatted_name:1 of
+msgid ""
+"The full name, including all middle names, titles, and suffixes as "
+"appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen, "
+"III\")."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.given_name:1 of
+msgid ""
+"The given name of the User, or first name in most Western languages "
+"(e.g., \"Barbara\" given the full name \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.groups:1 of
+msgid ""
+"A list of groups to which the user belongs, either through direct "
+"membership, through nested groups, or dynamically calculated."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.groups:4 of
+msgid ""
+"The values are meant to enable expression of common group-based or role-"
+"based access control models, although no explicit authorization model is "
+"defined.  It is intended that the semantics of group membership and any "
+"behavior or authorization granted as a result of membership are defined "
+"by the service provider.  The canonical types \"direct\" and \"indirect\""
+" are defined to describe how the group membership was derived.  Direct "
+"group membership indicates that the user is directly associated with the "
+"group and SHOULD indicate that clients may modify membership through the "
+"\"Group\" resource. Indirect membership indicates that user membership is"
+" transitive or dynamic and implies that clients cannot modify indirect "
+"group membership through the \"Group\" resource but MAY modify direct "
+"group membership through the \"Group\" resource, which may influence "
+"indirect memberships.  If the SCIM service provider exposes a \"Group\" "
+"resource, the \"value\" sub-attribute MUST be the \"id\", and the "
+"\"$ref\" sub-attribute must be the URI of the corresponding \"Group\" "
+"resources to which the user belongs.  Since this attribute has a "
+"mutability of \"readOnly\", group membership changes MUST be applied via "
+"the \"Group\" Resource (Section 4.2).  This attribute has a mutability of"
+" \"readOnly\"."
+msgstr ""
+
+#: canaille.core.models.User.has_password:1 of
+msgid "Check whether a password has been set for the user."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.locality:1 of
+msgid "The city or locality component."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.lock_date:1 of
+msgid "A DateTime indicating when the resource was locked."
+msgstr ""
+
+#: canaille.core.models.User.locked:1 of
+msgid "Whether the user account has been locked or has expired."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.organization:1 of
+msgid "Identifies the name of an organization."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:1 of
+msgid ""
+"This attribute is intended to be used as a means to set, replace, or "
+"compare (i.e., filter for equality) a password.  The cleartext value or "
+"the hashed value of a password SHALL NOT be returnable by a service "
+"provider.  If a service provider holds the value locally, the value "
+"SHOULD be hashed.  When a password is set or changed by the client, the "
+"cleartext password SHOULD be processed by the service provider as "
+"follows:"
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:9 of
+msgid ""
+"Prepare the cleartext value for international language comparison.  See "
+"Section 7.8 of [RFC7644]."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:12 of
+msgid ""
+"Validate the value against server password policy.  Note: The definition "
+"and enforcement of password policy are beyond the scope of this document."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:16 of
+msgid ""
+"Ensure that the value is encrypted (e.g., hashed).  See Section 9.2 for "
+"acceptable hashing and encryption handling when storing or persisting for"
+" provisioning workflow reasons."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:20 of
+msgid ""
+"A service provider that immediately passes the cleartext value on to "
+"another system or programming interface MUST pass the value directly over"
+" a secured connection (e.g., Transport Layer Security (TLS)).  If the "
+"value needs to be temporarily persisted for a period of time (e.g., "
+"because of a workflow) before provisioning, then the value MUST be "
+"protected by some method, such as encryption."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:28 of
+msgid ""
+"Testing for an equality match MAY be supported if there is an existing "
+"stored hashed value.  When testing for equality, the service provider:"
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:32 of
+msgid ""
+"Prepares the filter value for international language comparison.  See "
+"Section 7.8 of [RFC7644]."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:35 of
+msgid ""
+"Generates the salted hash of the filter value and tests for a match with "
+"the locally held value."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.password:38 of
+msgid ""
+"The mutability of the password attribute is \"writeOnly\", indicating "
+"that the value MUST NOT be returned by a service provider in any form "
+"(the attribute characteristic \"returned\" is \"never\")."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.phone_numbers:1 of
+msgid "Phone numbers for the user."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.phone_numbers:3 of
+msgid ""
+"The value SHOULD be specified according to the format defined in "
+"[RFC3966], e.g., 'tel:+1-201-555-0123'.  Service providers SHOULD "
+"canonicalize the value according to [RFC3966] format, when appropriate.  "
+"The \"display\" sub-attribute MAY be used to return the canonicalized "
+"representation of the phone number value.  The sub- attribute \"type\" "
+"often has typical values of \"work\", \"home\", \"mobile\", \"fax\", "
+"\"pager\", and \"other\" and MAY allow more types to be defined by the "
+"SCIM clients."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.photo:1 of
+msgid ""
+"A URI that is a uniform resource locator (as defined in Section 1.1.3 of "
+"[RFC3986]) that points to a resource location representing the user's "
+"image."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.photo:5 of
+msgid ""
+"The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather"
+" than a web page containing an image.  Service providers MAY return the "
+"same image in different sizes, although it is recognized that no standard"
+" for describing images of various sizes currently exists.  Note that this"
+" attribute SHOULD NOT be used to send down arbitrary photos taken by this"
+" user; instead, profile photos of the user that are suitable for display "
+"when describing the user should be sent. Instead of the standard "
+"canonical values for type, this attribute defines the following canonical"
+" values to represent popular photo sizes: \"photo\" and \"thumbnail\"."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.postal_code:1 of
+msgid "The zip code or postal code component."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.preferred_language:1 of
+msgid ""
+"Indicates the user's preferred written or spoken languages and is "
+"generally used for selecting a localized user interface."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.preferred_language:4 of
+msgid ""
+"The value indicates the set of natural languages that are preferred. The "
+"format of the value is the same as the HTTP Accept-Language header field "
+"(not including \"Accept-Language:\") and is specified in Section 5.3.5 of"
+" [RFC7231].  The intent of this value is to enable cloud applications to "
+"perform matching of language tags [RFC4647] to the user's language "
+"preferences, regardless of what may be indicated by a user agent (which "
+"might be shared), or in an interaction that does not involve a user (such"
+" as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal "
+"HTTP Accept-Language header negotiation cannot take place."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.profile_url:1 of
+msgid ""
+"A URI that is a uniform resource locator (as defined in Section 1.1.3 of "
+"[RFC3986]) and that points to a location representing the user's online "
+"profile (e.g., a web page)."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.profile_url:5 of
+msgid "URIs are canonicalized per Section 6.2 of [RFC3986]."
+msgstr ""
+
+#: canaille.core.models.User.readable_fields:1 of
+msgid ""
+"The fields the user can read according to the :class:`configuration "
+"<canaille.core.configuration.ACLSettings>` configuration."
+msgstr ""
+
+#: canaille.core.models.User.readable_fields:4 of
+msgid ""
+"This does not include the :attr:`writable "
+"<canaille.core.models.User.writable_fields>` fields."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.region:1 of
+msgid "The state or region component."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.street:1 of
+msgid ""
+"The full street address component, which may include house number, street"
+" name, P.O."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.street:4 of
+msgid ""
+"box, and multi-line extended street address information.  This attribute "
+"MAY contain newlines."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.title:1 of
+msgid "The user's title, such as \"Vice President\"."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.user_name:1 of
+msgid ""
+"A service provider's unique identifier for the user, typically used by "
+"the user to directly authenticate to the service provider."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.user_name:4 of
+msgid ""
+"Often displayed to the user as their unique identifier within the system "
+"(as opposed to \"id\" or \"externalId\", which are generally opaque and "
+"not user-friendly identifiers).  Each User MUST include a non-empty "
+"userName value.  This identifier MUST be unique across the service "
+"provider's entire set of Users.  This attribute is REQUIRED and is case "
+"insensitive."
+msgstr ""
+
+#: canaille.core.models.User.writable_fields:1 of
+msgid ""
+"The fields the user can write according to the :class:`configuration "
+"<canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: canaille.oidc.basemodels.AuthorizationCode:1 of
+msgid "OpenID Connect temporary authorization code definition."
+msgstr ""
+
+#: canaille.oidc.basemodels.Client:1 of
+msgid ""
+"OpenID Connect client definition, based on the `OAuth 2.0 Dynamic Client "
+"Registration protocols "
+"<https://datatracker.ietf.org/doc/html/rfc7591.html>`_ and the `OpenID "
+"Connect RP-Initiated Logout <https://openid.net/specs/openid-connect-"
+"rpinitiated-1_0.html>`_ specifications."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_id:3 of
+msgid ""
+"OAuth 2.0 client identifier string.  It SHOULD NOT be currently valid for"
+" any other registered client, though an authorization server MAY issue "
+"the same client identifier to multiple instances of a registered client "
+"at its discretion."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_id_issued_at:1
+#: canaille.oidc.basemodels.Client.client_secret:1
+#: canaille.oidc.basemodels.Client.post_logout_redirect_uris:1 of
+msgid "OPTIONAL."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_id_issued_at:3 of
+msgid ""
+"Time at which the client identifier was issued.  The time is represented "
+"as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC "
+"until the date/time of issuance."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_name:1 of
+msgid ""
+"Human-readable string name of the client to be presented to the end-user "
+"during authorization."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_name:4 of
+msgid ""
+"If omitted, the authorization server MAY display the raw \"client_id\" "
+"value to the end-user instead.  It is RECOMMENDED that clients always "
+"send this field. The value of this field MAY be internationalized, as "
+"described in Section 2.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_secret:3 of
+msgid ""
+"OAuth 2.0 client secret string.  If issued, this MUST be unique for each "
+"\"client_id\" and SHOULD be unique for multiple instances of a client "
+"using the same \"client_id\".  This value is used by confidential clients"
+" to authenticate to the token endpoint, as described in OAuth 2.0 "
+"[RFC6749], Section 2.3.1."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_secret_expires_at:1
+#: of
+msgid "REQUIRED if \"client_secret\" is issued."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_secret_expires_at:3
+#: of
+msgid ""
+"Time at which the client secret will expire or 0 if it will not expire.  "
+"The time is represented as the number of seconds from "
+"1970-01-01T00:00:00Z as measured in UTC until the date/time of "
+"expiration."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_uri:1 of
+msgid "URL string of a web page providing information about the client."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_uri:3 of
+msgid ""
+"If present, the server SHOULD display this URL to the end-user in a "
+"clickable fashion.  It is RECOMMENDED that clients always send this "
+"field.  The value of this field MUST point to a valid web page.  The "
+"value of this field MAY be internationalized, as described in Section "
+"2.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.contacts:1 of
+msgid ""
+"Array of strings representing ways to contact people responsible for this"
+" client, typically email addresses."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.contacts:4 of
+msgid ""
+"The authorization server MAY make these contact addresses available to "
+"end-users for support requests for the client.  See Section 6 for "
+"information on Privacy Considerations."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:1 of
+msgid ""
+"Array of OAuth 2.0 grant type strings that the client can use at the "
+"token endpoint.  These grant types are defined as follows:"
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:4 of
+msgid ""
+"\"authorization_code\": The authorization code grant type defined in "
+"OAuth 2.0, Section 4.1."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:7 of
+msgid "\"implicit\": The implicit grant type defined in OAuth 2.0, Section 4.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:10 of
+msgid ""
+"\"password\": The resource owner password credentials grant type defined "
+"in OAuth 2.0, Section 4.3."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:13 of
+msgid ""
+"\"client_credentials\": The client credentials grant type defined in "
+"OAuth 2.0, Section 4.4."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:16 of
+msgid ""
+"\"refresh_token\": The refresh token grant type defined in OAuth 2.0, "
+"Section 6."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:19 of
+msgid ""
+"\"urn:ietf:params:oauth:grant-type:jwt-bearer\": The JWT Bearer Token "
+"Grant Type defined in OAuth JWT Bearer Token Profiles [RFC7523]."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:23 of
+msgid ""
+"\"urn:ietf:params:oauth:grant-type:saml2-bearer\": The SAML 2.0 Bearer "
+"Assertion Grant defined in OAuth SAML 2 Bearer Token Profiles [RFC7522]."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:27 of
+msgid ""
+"If the token endpoint is used in the grant type, the value of this "
+"parameter MUST be the same as the value of the \"grant_type\" parameter "
+"passed to the token endpoint defined in the grant type definition.  "
+"Authorization servers MAY allow for other values as defined in the grant "
+"type extension process described in OAuth 2.0, Section 4.5.  If omitted, "
+"the default behavior is that the client will use only the "
+"\"authorization_code\" Grant Type."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.jwk:1 of
+msgid ""
+"Client's JSON Web Key Set [RFC7517] document value, which contains the "
+"client's public keys."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.jwk:4 of
+msgid ""
+"The value of this field MUST be a JSON object containing a valid JWK Set."
+"  These keys can be used by higher-level protocols that use signing or "
+"encryption.  This parameter is intended to be used by clients that cannot"
+" use the \"jwks_uri\" parameter, such as native clients that cannot host "
+"public URLs.  The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be "
+"present in the same request or response."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.jwks_uri:1 of
+msgid ""
+"URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] "
+"document, which contains the client's public keys."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.jwks_uri:4 of
+msgid ""
+"The value of this field MUST point to a valid JWK Set document. These "
+"keys can be used by higher-level protocols that use signing or "
+"encryption.  For instance, these keys might be used by some applications "
+"for validating signed requests made to the token endpoint when using JWTs"
+" for client authentication [RFC7523].  Use of this parameter is preferred"
+" over the \"jwks\" parameter, as it allows for easier key rotation.  The "
+"\"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same"
+" request or response."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.logo_uri:1 of
+msgid "URL string that references a logo for the client."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.logo_uri:3 of
+msgid ""
+"If present, the server SHOULD display this image to the end-user during "
+"approval. The value of this field MUST point to a valid image file.  The "
+"value of this field MAY be internationalized, as described in Section "
+"2.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.policy_uri:1 of
+msgid ""
+"URL string that points to a human-readable privacy policy document that "
+"describes how the deployment organization collects, uses, retains, and "
+"discloses personal data."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.policy_uri:5
+#: canaille.oidc.basemodels.Client.tos_uri:5 of
+msgid ""
+"The authorization server SHOULD display this URL to the end-user if it is"
+" provided.  The value of this field MUST point to a valid web page.  The "
+"value of this field MAY be internationalized, as described in Section "
+"2.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.post_logout_redirect_uris:3
+#: of
+msgid ""
+"Array of URLs supplied by the RP to which it MAY request that the End-"
+"User's User Agent be redirected using the post_logout_redirect_uri "
+"parameter after a logout has been performed. These URLs SHOULD use the "
+"https scheme and MAY contain port, path, and query parameter components; "
+"however, they MAY use the http scheme, provided that the Client Type is "
+"confidential, as defined in Section 2.1 of OAuth 2.0 [RFC6749], and "
+"provided the OP allows the use of http RP URIs."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.redirect_uris:1 of
+msgid ""
+"Array of redirection URI strings for use in redirect-based flows such as "
+"the authorization code and implicit flows."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.redirect_uris:4 of
+msgid ""
+"As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with"
+" redirection MUST register their redirection URI values. Authorization "
+"servers that support dynamic registration for redirect-based flows MUST "
+"implement support for this metadata value."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.response_types:1 of
+msgid ""
+"Array of the OAuth 2.0 response type strings that the client can use at "
+"the authorization endpoint.  These response types are defined as follows:"
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.response_types:5 of
+msgid ""
+"\"code\": The authorization code response type defined in OAuth 2.0, "
+"Section 4.1."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.response_types:8 of
+msgid "\"token\": The implicit response type defined in OAuth 2.0, Section 4.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.response_types:11 of
+msgid ""
+"If the authorization endpoint is used by the grant type, the value of "
+"this parameter MUST be the same as the value of the \"response_type\" "
+"parameter passed to the authorization endpoint defined in the grant type "
+"definition.  Authorization servers MAY allow for other values as defined "
+"in the grant type extension process is described in OAuth 2.0, Section "
+"4.5.  If omitted, the default is that the client will use only the "
+"\"code\" response type."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.scope:1 of
+msgid ""
+"String containing a space-separated list of scope values (as described in"
+" Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when "
+"requesting access tokens."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.scope:5 of
+msgid ""
+"The semantics of values in this list are service specific.  If omitted, "
+"an authorization server MAY register a client with a default set of "
+"scopes."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.software_id:1 of
+msgid ""
+"A unique identifier string (e.g., a Universally Unique Identifier (UUID))"
+" assigned by the client developer or software publisher used by "
+"registration endpoints to identify the client software to be dynamically "
+"registered."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.software_id:6 of
+msgid ""
+"Unlike \"client_id\", which is issued by the authorization server and "
+"SHOULD vary between instances, the \"software_id\" SHOULD remain the same"
+" for all instances of the client software.  The \"software_id\" SHOULD "
+"remain the same across multiple updates or versions of the same piece of "
+"software.  The value of this field is not intended to be human readable "
+"and is usually opaque to the client and authorization server."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.software_version:1 of
+msgid ""
+"A version identifier string for the client software identified by "
+"\"software_id\"."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.software_version:4 of
+msgid ""
+"The value of the \"software_version\" SHOULD change on any update to the "
+"client software identified by the same \"software_id\".  The value of "
+"this field is intended to be compared using string equality matching and "
+"no other comparison semantics are defined by this specification.  The "
+"value of this field is outside the scope of this specification, but it is"
+" not intended to be human readable and is usually opaque to the client "
+"and authorization server.  The definition of what constitutes an update "
+"to client software that would trigger a change to this value is specific "
+"to the software itself and is outside the scope of this specification."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.token_endpoint_auth_method:1
+#: of
+msgid ""
+"String indicator of the requested authentication method for the token "
+"endpoint.  Values defined by this specification are:"
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.token_endpoint_auth_method:4
+#: of
+msgid ""
+"\"none\": The client is a public client as defined in OAuth 2.0, Section "
+"2.1, and does not have a client secret."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.token_endpoint_auth_method:7
+#: of
+msgid ""
+"\"client_secret_post\": The client uses the HTTP POST parameters as "
+"defined in OAuth 2.0, Section 2.3.1."
+msgstr ""
+
+#: ../../docstring
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:10 of
+msgid ""
+"\"client_secret_basic\": The client uses HTTP Basic as defined in OAuth "
+"2.0, Section 2.3.1."
+msgstr ""
+
+#: ../../docstring
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:13 of
+msgid ""
+"Additional values can be defined via the IANA \"OAuth Token Endpoint "
+"Authentication Methods\" registry established in Section 4.2.  Absolute "
+"URIs can also be used as values for this parameter without being "
+"registered.  If unspecified or omitted, the default is "
+"\"client_secret_basic\", denoting the HTTP Basic authentication scheme as"
+" specified in Section 2.3.1 of OAuth 2.0."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.tos_uri:1 of
+msgid ""
+"URL string that points to a human-readable terms of service document for "
+"the client that describes a contractual relationship between the end-user"
+" and the client that the end-user accepts when authorizing the client."
+msgstr ""
+
+#: canaille.oidc.basemodels.Consent:1 of
+msgid "Long-term user consent to an application."
+msgstr ""
+
+#: canaille.oidc.basemodels.Token:1 of
+msgid "OpenID Connect token definition."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/references/commands.po b/doc/locales/fr_FR/LC_MESSAGES/references/commands.po
new file mode 100644
index 00000000..58f7f61c
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/references/commands.po
@@ -0,0 +1,311 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/references/commands.rst:2 79e6ecda0d3e4c18b9b9b417a389b4cb
+msgid "Command Line Interface"
+msgstr ""
+
+#: ../../doc/references/commands.rst:4 9d92776c255b4bd98f31a1e55303f2c2
+msgid "Canaille provide several commands to help administrator manage their data."
+msgstr ""
+
+#: ../../doc/references/commands.rst:6 4124b08c4d9e46c39b25f48fff75606a
+msgid ""
+"Generally, some configuration has to be loaded by `Canaille`. This can be"
+" achieved by :ref:`configuration loading "
+"method<references/configuration:Load the configuration>` available, but "
+"most of the time a ``CONFIG`` environment variable is used. For the sake "
+"of readability, it is omitted in the following examples."
+msgstr ""
+
+#: ../../canaille check:1 fe035debad4349ad97133f817e05f703
+msgid "Test the configuration file."
+msgstr ""
+
+#: ../../canaille 3d4649c5c9cc41918f8263ce8808e473 check:1
+msgid ""
+"Attempt to reach the database and the SMTP server with the provided "
+"credentials."
+msgstr ""
+
+#: ../../canaille 7d43179f511a41cd8e5037f050b1bc73 clean:1
+msgid "Remove expired tokens and authorization codes."
+msgstr ""
+
+#: ../../canaille c5179a4168584d4487e447b07141c8f8 install:1
+msgid "Installs canaille elements from the configuration."
+msgstr ""
+
+#: ../../canaille 37a2c93192c64aa5b19e75182e6bc5a5 install:1
+msgid ""
+"For instance, depending on the configuration, this can generate OIDC keys"
+" or install LDAP schemas."
+msgstr ""
+
+#: ../../canaille 29c1126336174fa6989f6650df1f5d09 populate:1
+msgid "Populate the database with generated random data."
+msgstr ""
+
+#: ../../doc/references/commands.rst 01f8ff3528de431a88eea102b8797e7d
+#: 0592f7e20b87434db4aa021da5f46692 0b6dba38e2014e63bf00357d20bc7090
+#: 3e812f2b794c4b4ab8dd50cea6e94d42 4bd5821660f0430e94aa55dc1b4e18bf
+#: 4ede76eac0e943d48a95e719582c4c7e 56b6c7dc334d4eb79d9e667cea4c59e6
+#: 5824aa3a83454d8799d3933f5b25c27e 596cf8bccead4e28907f3d3eca3cd4b0
+#: 72b8362317ce4b5eab571c3bf28f4a90 a865ef7184a646eea2b6760e9f29635b
+#: bc6c5f3613204ab9951d4eb4d92efe52 bcd6ff856c2a4f618a392d00f0e35a7b
+#: bf91d423757e4aa88cae8d8ce725a870 c03af85a8f1f4bada70f68c4978c24a5
+#: c05e937c532343f890e5d9b595c514d9 c144ca410af44d17bd266c5cc2b10a63
+#: c96f475202f5459e9fc2854294123e16 e8955b6bee0a454b878b800bceb8265b
+#: f2e7bd0e830c4413aa6b8bb93d3ac544
+msgid "Options"
+msgstr ""
+
+#: ../../canaille dc6b03e91fec490e83c3f487429b951d populate:1
+msgid "Number of items to create"
+msgstr ""
+
+#: ../../canaille 8ab372ad5eff478e8ee32726f43a1164 groups:1 populate
+msgid "Populate the database with generated random groups."
+msgstr ""
+
+#: ../../canaille f7ca835723334ea3be4456346e751dd6 groups:1 populate
+msgid "The maximum number of users that will randomly be affected in the group"
+msgstr ""
+
+#: ../../canaille 8f253323342c4bf690e86f8362567d41 populate users:1
+msgid "Populate the database with generated random users."
+msgstr ""
+
+#: ../../canaille 032913c6c4364d9a99e52f972c5cc17a get:1
+msgid "Read information about models."
+msgstr ""
+
+#: ../../canaille 72d8a0d9271847d7ae3a859791220a2c get:1
+msgid "Options can be used to filter models::"
+msgstr ""
+
+#: ../../canaille f89e83d713814caa9f964a2fca51b72c get:1
+msgid "Displays the matching models in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille authorizationcode:1 d8204c526181466c82f53e6d657030e7 get
+msgid "Search for authorizationcodes and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille 3cade804c31f45adbc441a028fecea53 client:1 get
+msgid "Search for clients and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille 5a310b9dc8c54416be6b9cb1902f1fb1 consent:1 get
+msgid "Search for consents and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille b4441bed2f8a4eeabc0fc8837ec4f562 get group:1
+msgid "Search for groups and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille 2f246dd55eeb4aba85c1bd9d369e32df get token:1
+msgid "Search for tokens and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille bf1fa67a2cb24b53870f7555e3a52c31 get user:1
+msgid "Search for users and display the matching models as JSON."
+msgstr ""
+
+#: ../../canaille eb6cf5e3bc2b4cde8b871663dba45e61 set:1
+msgid "Update models."
+msgstr ""
+
+#: ../../canaille 30b5f0a8217a4189b10d478341f36a49 set:1
+msgid "The command takes an model ID and edit one or several attributes::"
+msgstr ""
+
+#: ../../canaille bd9373e888e1406099374c0b39b84e77 set:1
+msgid "Displays the edited model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille 174abc887df24f20a9dda2fac77e83fd authorizationcode:1 set
+msgid ""
+"Update a authorizationcode and display the edited model in JSON format in"
+" the standard output."
+msgstr ""
+
+#: ../../canaille 422c813aa96a482283f24025efb8c3dd
+#: 4ec9af7edd2b47169b518fda3d644639 authorizationcode:1 delete set
+msgid "IDENTIFIER should be a authorizationcode id or authorization_code_id"
+msgstr ""
+
+#: ../../doc/references/commands.rst 5f75b0309d054441a56f4b8517fdbe3d
+#: 5fc02ea2e414430a8b545cf34cd4453f 78a39bec9e344a1d8fa33d34d8bac7fd
+#: 80d369775bf8495f9fd82b9d0ae34e0c 957a9b7287574e26be67a8835aefb32f
+#: c0a17fc3ce6e4932b3715323278dbffb c347665d49e348b5bab1c576ed8596b7
+#: de203337a1ca4e09a9d879e05e1ed654 e2ec38929dcd43339b75733e16f0033b
+#: e4215c7686ed4a17bca187aeb2a0b172 ec2907c65c0c4cb8a89d7552c43cf700
+#: f1fc2a35ac44482cb9e364ddabcc3ea5
+msgid "Arguments"
+msgstr ""
+
+#: ../../canaille 05ce73b0a8364dde9c6119f04b24f944
+#: 12289768135e424dbbdc2b566466500c 13ba6cfe3b3d49b8bb81020a72f91d61
+#: 311ea807815b4e35b5cae0b6d6083fcc 3fba64605a8e42a39976bf717dcd10f3
+#: 89214791cafa4d1dac6bd3ec1fa631fb 9460e7a6cf094a76bf2fb1cd252c3a7c
+#: aac6d7361cd844f1b423545d4a4e68cd authorizationcode:1
+#: c7a234cf435343a79bfed973e7631d2b client:1 consent:1
+#: d3ded9fbefc34521a5c7b04dbcd26be4 delete e0e6897cdfd54ddcbdefd9ca5cad1bb9
+#: edacde43739b441cb3618d8c01220e44 group:1 set token:1 user:1
+msgid "Required argument"
+msgstr ""
+
+#: ../../canaille ac7fcd06851b40afbb06398602fa62ba client:1 set
+msgid ""
+"Update a client and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 369ef3a35a95428687da84c178c248ed
+#: b62f8cbd9dc447329c3d5176f4571aad client:1 delete set
+msgid "IDENTIFIER should be a client id or client_id"
+msgstr ""
+
+#: ../../canaille 632ddaea2a594d14ab976c383702313a consent:1 set
+msgid ""
+"Update a consent and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 602b6168c8654e63b36abab9c7ba5f9c consent:1
+#: d1dd6d8fa58c4836a8f836a32c189eff delete set
+msgid "IDENTIFIER should be a consent id or consent_id"
+msgstr ""
+
+#: ../../canaille bf18f7ffebd74d508d604b4fd0a8599e group:1 set
+msgid ""
+"Update a group and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 62cac2ffd5384b8685460ee652f347b0
+#: 7a3a74db760a4ffe86925454e6967075 delete group:1 set
+msgid "IDENTIFIER should be a group id or display_name"
+msgstr ""
+
+#: ../../canaille 7a1167bf7b1f49f39eaac26d9a9b57e4 set token:1
+msgid ""
+"Update a token and display the edited model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 3e08125cc6894a05a0bde0f9495466b3
+#: 9aaa82a936274b02bfb5f9beae6fc170 delete set token:1
+msgid "IDENTIFIER should be a token id or token_id"
+msgstr ""
+
+#: ../../canaille f6b67c6e64e246058860790f13d2b963 set user:1
+msgid ""
+"Update a user and display the edited model in JSON format in the standard"
+" output."
+msgstr ""
+
+#: ../../canaille 3235eea8dafc45ceac129398063d9e12
+#: 6ec8598e7e844b85b89e8fba32cd9bc4 delete set user:1
+msgid "IDENTIFIER should be a user id or user_name"
+msgstr ""
+
+#: ../../canaille b37439a748eb43f1807c351b27b68710 create:1
+msgid "Create models."
+msgstr ""
+
+#: ../../canaille 9a254a69b81d4406aaf38ee889f8d053 create:1
+msgid "The model attributes can be passed as command options::"
+msgstr ""
+
+#: ../../canaille a1021d5959534ac08c198e3a7c69d44d create:1
+msgid "Displays the created model in JSON format in the standard output."
+msgstr ""
+
+#: ../../canaille authorizationcode:1 b09ba6722fef4240acc4d8412d36c76a create
+msgid ""
+"Create a new authorizationcode and display the created model in JSON "
+"format in the standard output."
+msgstr ""
+
+#: ../../canaille 22a13bf732564e8fa9d9c3e363d3eb77 client:1 create
+msgid ""
+"Create a new client and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 904ef9f6463d4745920450a1ed807562 consent:1 create
+msgid ""
+"Create a new consent and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille create d2b8f57503534155be249fac5f9a5aed group:1
+msgid ""
+"Create a new group and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 27ad14949f284173bc1163c32372465a create token:1
+msgid ""
+"Create a new token and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille 2193f06fa847408780c7f7316641c7a6 create user:1
+msgid ""
+"Create a new user and display the created model in JSON format in the "
+"standard output."
+msgstr ""
+
+#: ../../canaille da2a6c5ad512466aa6abb26f351337d3 delete:1
+msgid "Delete models."
+msgstr ""
+
+#: ../../canaille 1ff4ff3017cd43c3a3edab341ab42cd0 delete:1
+msgid "The command takes a model ID and deletes it::"
+msgstr ""
+
+#: ../../canaille 9ef5b7a1d4864bd0bf33e819771c7850 authorizationcode:1 delete
+msgid "Delete a authorizationcode."
+msgstr ""
+
+#: ../../canaille client:1 delete f5b20435029c47a29b2ab3e8cfd6ccdb
+msgid "Delete a client."
+msgstr ""
+
+#: ../../canaille 0a84345b85084835b5cfc942f94f174a consent:1 delete
+msgid "Delete a consent."
+msgstr ""
+
+#: ../../canaille d1a17434dbb747b1b98de64fee67a8fc delete group:1
+msgid "Delete a group."
+msgstr ""
+
+#: ../../canaille 975139d084dd4d2fa4d6ac65bd1e3691 delete token:1
+msgid "Delete a token."
+msgstr ""
+
+#: ../../canaille 10221b77423d4f309639da451e19f99f delete user:1
+msgid "Delete a user."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/references/configuration.po b/doc/locales/fr_FR/LC_MESSAGES/references/configuration.po
new file mode 100644
index 00000000..36b8189d
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/references/configuration.po
@@ -0,0 +1,836 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/references/configuration.rst:2 424d05c383324277a800335820e3fa6e
+msgid "Configuration"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:5 5d68e755dda14103904b8038717bb5b4
+msgid "Load the configuration"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:7 3138a09755a046a286748b624585f456
+msgid ""
+"Canaille can be configured either by a environment variables, environment"
+" file, or by a configuration file."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:10 967fe546c7f64dffbed7e7ecbe6a425f
+msgid "Configuration file"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:12 c60e21f322d14a3d8df3a5f80650198a
+msgid ""
+"The configuration can be written in `toml` configuration file which path "
+"is passed in the :envvar:`CONFIG` environment variable."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:14
+#: ../../doc/references/configuration.rst:85 5598260f6347465c9a7f8818cb9d5a76
+#: c43d890510d8485fac81e8a1b72b9152 canaille.app.configuration.RootSettings:11
+#: e7e0deef51b24803a825cee5f2feeb6b of
+msgid "config.toml"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:26 c223295f61c54f9eb7a25d9ec52a5a1e
+msgid ""
+"You can have a look at the :ref:`example file "
+"<references/configuration:Example file>` for inspiration."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:29 1cf9a6f193e74d718c0dbea6ab02b7e5
+msgid "Environment variables"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:31 21e22f7bcf484969bb578f6c6842a210
+msgid ""
+"In addition, parameters that have not been set in the configuration file "
+"can be read from environment variables. The way environment variables are"
+" parsed can be read from the `pydantic-settings documentation "
+"<https://docs.pydantic.dev/latest/concepts/pydantic_settings/#parsing-"
+"environment-variable-values>`_."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:36 3e3b489d0d0f4fdebf21bf4c4418422b
+msgid ""
+"For environment vars, the separator between sections and variables is a "
+"double underscore: ``__``. For instance, the ``NAME`` var in the "
+"``CANAILLE`` section shown above is ``CANAILLE__NAME``."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:40 bffb0a7bf9184ca092bd7f06798b5ed7
+msgid "Environment file"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:42 79fb1890082d49969ca45b0b243c537c
+msgid ""
+"Any environment variable can also be written in a ``.env``, and will be "
+"read if present."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:44 b9fc48127af945bda804aba757d7b7dd
+msgid ".env"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:62 e16e03560b974996b92551623c3a4728
+msgid "Parameters"
+msgstr ""
+
+#: 8c93b32620244c1c89cca6d261768a39 canaille.app.configuration.RootSettings:1
+#: of
+msgid ""
+"The top-level namespace contains holds the configuration settings "
+"unrelated to Canaille."
+msgstr ""
+
+#: bdff9ee3326e47838fa870fa10d24a4a canaille.app.configuration.RootSettings:4
+#: of
+msgid "The configuration paramateres from the following libraries can be used:"
+msgstr ""
+
+#: 0048354dd402460d9058c80014afc3a8 canaille.app.configuration.RootSettings:6
+#: of
+msgid ":doc:`Flask <flask:config>`"
+msgstr ""
+
+#: 97eef56c269a4976af0d8331d4028832 canaille.app.configuration.RootSettings:7
+#: of
+msgid ":doc:`Flask-WTF <flask-wtf:config>`"
+msgstr ""
+
+#: 980d5034607445a8936e13289adb634a canaille.app.configuration.RootSettings:8
+#: of
+msgid ":doc:`Flask-Babel <flask-babel:index>`"
+msgstr ""
+
+#: b04bbf26f86c49539b0378da858e25c0 canaille.app.configuration.RootSettings:9
+#: of
+msgid ":doc:`Authlib <authlib:flask/2/authorization-server>`"
+msgstr ""
+
+#: ../../docstring canaille.app.configuration.RootSettings.DEBUG:1
+#: d2a0d7c0762940079150f885dec0d0e7 of
+msgid "The Flask :external:py:data:`DEBUG` configuration setting."
+msgstr ""
+
+#: ../../docstring 655fe302f2244cae8d4f7507b9bcf5ee
+#: canaille.app.configuration.RootSettings.DEBUG:3 of
+msgid "This enables debug options."
+msgstr ""
+
+#: ../../docstring 38930315245e43c8a21dea835f70de8a
+#: canaille.app.configuration.RootSettings.DEBUG:7 of
+msgid ""
+"This is useful for development but should be absolutely avoided in "
+"production environments."
+msgstr ""
+
+#: ../../docstring be190939a5b8407abc8051d973470b00
+#: canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:1 of
+msgid "The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration setting."
+msgstr ""
+
+#: ../../docstring 8f1c5830bb7a4049a19023e8c78e2868
+#: canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:4 of
+msgid "This sets the url scheme by which canaille will be served."
+msgstr ""
+
+#: ../../docstring b8116a14c0634f37a438a279518faf1b
+#: canaille.app.configuration.RootSettings.SECRET_KEY:1 of
+msgid "The Flask :external:py:data:`SECRET_KEY` configuration setting."
+msgstr ""
+
+#: ../../docstring 7899131820fe46ea8de0a235b307ab42
+#: canaille.app.configuration.RootSettings.SECRET_KEY:3 of
+msgid "You MUST change this."
+msgstr ""
+
+#: ../../docstring 625463c6bbe848c7977af2a13d58865e
+#: canaille.app.configuration.RootSettings.SERVER_NAME:1 of
+msgid "The Flask :external:py:data:`SERVER_NAME` configuration setting."
+msgstr ""
+
+#: ../../docstring 06598651788843eebda0b59e8eb7b2b1
+#: canaille.app.configuration.RootSettings.SERVER_NAME:3 of
+msgid "This sets domain name on which canaille will be served."
+msgstr ""
+
+#: 1c4603a9300b4baabfe80ba792d3e79a canaille.core.configuration.CoreSettings:1
+#: of
+msgid "The settings from the ``CANAILLE`` namespace."
+msgstr ""
+
+#: 84c7ae7efa5a47ad8789a59aa453354a canaille.core.configuration.CoreSettings:3
+#: of
+msgid ""
+"Those are all the configuration parameters that controls the behavior of "
+"Canaille."
+msgstr ""
+
+#: ../../docstring 9ddde712539a484d8d84b470795d5ea1
+#: canaille.core.configuration.CoreSettings.ACL:1 of
+msgid "Mapping of permission groups. See :class:`ACLSettings` for more details."
+msgstr ""
+
+#: ../../docstring 8cc6440505154248a19225a38dfa7d32
+#: canaille.core.configuration.CoreSettings.ACL:3 of
+msgid "The ACL name can be freely chosen. For example::"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.ADMIN_EMAIL:1
+#: f6c14e52ce8f4c00834507e6f4274b8f of
+msgid "Administration email contact."
+msgstr ""
+
+#: ../../docstring c7ab87c0bfb34fc8b97870bbe1299631
+#: canaille.core.configuration.CoreSettings.ADMIN_EMAIL:3 of
+msgid ""
+"In certain special cases (example : questioning about password "
+"corruption), it is necessary to provide an administration contact email."
+msgstr ""
+
+#: ../../docstring 314eab36d7294cf0a47ed00aa7c84a0c
+#: canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:1 of
+msgid ""
+"If :py:data:`True`, users will need to click on a confirmation link sent "
+"by email when they want to add a new email."
+msgstr ""
+
+#: ../../docstring b9c54b77527e411a8e1c313cd18ae3b2
+#: canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:4 of
+msgid ""
+"By default, this is true if ``SMTP`` is configured, else this is false. "
+"If explicitly set to true and ``SMTP`` is disabled, the email field will "
+"be read-only."
+msgstr ""
+
+#: ../../docstring 9bd6dc224f794a3ab0af54733e45102c
+#: canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK:1
+#: of
+msgid ""
+"If :py:data:`True`, Canaille will check if passwords appears in "
+"compromission databases such as `HIBP <https://haveibeenpwned.com>`_ when"
+" users choose a new one."
+msgstr ""
+
+#: ../../docstring 4f2a32a147fd4df48e723c7b7cda2c2b
+#: canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY:1 of
+msgid ""
+"If :py:data:`False`, then users cannot ask for a password recovery link "
+"by email."
+msgstr ""
+
+#: ../../docstring b40754c5a7354a7c8105ef95608cf381
+#: canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:1 of
+msgid ""
+"If :py:data:`True`, then users can freely create an account at this "
+"instance."
+msgstr ""
+
+#: ../../docstring 02798211a1944569b105076267bc34c9
+#: canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:4 of
+msgid ""
+"If email verification is available, users must confirm their email before"
+" the account is created."
+msgstr ""
+
+#: ../../docstring 3c2cbc6dbe0d4ba9acb99c6fd93ef0f9
+#: canaille.core.configuration.CoreSettings.FAVICON:1 of
+msgid "You favicon."
+msgstr ""
+
+#: ../../docstring 88c7ad9cd97949129cb8b2e58a149fc9
+#: canaille.core.configuration.CoreSettings.FAVICON:3 of
+msgid "If unset and :attr:`LOGO` is set, then the logo will be used."
+msgstr ""
+
+#: ../../docstring add94b3b94144337b44f24a644cc1430
+#: canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:1 of
+msgid ""
+"If :py:data:`True`, when users try to sign in with an invalid login, a "
+"message is shown indicating that the password is wrong, but does not give"
+" a clue whether the login exists or not."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:5
+#: dcfa98e306544b75973c667a9944d89a of
+msgid ""
+"If :py:data:`False`, when a user tries to sign in with an invalid login, "
+"a message is shown indicating that the login does not exist."
+msgstr ""
+
+#: ../../docstring c1590e635df24e1486be1e562a5b0034
+#: canaille.core.configuration.CoreSettings.HTMX:1 of
+msgid "Accelerates webpages loading with asynchronous requests."
+msgstr ""
+
+#: ../../docstring 35b5c6a840a047cc87fa606818c7e7f4
+#: canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:1 of
+msgid "The validity duration of registration invitations, in seconds."
+msgstr ""
+
+#: ../../docstring
+#: canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:3
+#: f61374773e154a55ad905df27019923d of
+msgid "Defaults to 2 days."
+msgstr ""
+
+#: ../../docstring bd6c3be93bda402092ac6f3cfca24265
+#: canaille.core.configuration.CoreSettings.JAVASCRIPT:1 of
+msgid "Enables Javascript to smooth the user experience."
+msgstr ""
+
+#: ../../docstring 08e45b94110845a6a2cf237d5dd01508
+#: canaille.core.configuration.CoreSettings.LANGUAGE:1 of
+msgid "If a language code is set, it will be used for every user."
+msgstr ""
+
+#: ../../docstring 124a41b6ceeb47e3b952d23619d85139
+#: canaille.core.configuration.CoreSettings.LANGUAGE:3 of
+msgid "If unset, the language is guessed according to the users browser."
+msgstr ""
+
+#: ../../docstring 40ed5d3d85104c57a1b384eeb7aaef40
+#: canaille.core.configuration.CoreSettings.LOGGING:1 of
+msgid ""
+"Configures the logging output using the python logging configuration "
+"format:"
+msgstr ""
+
+#: ../../docstring 4df8127b60254f5bb0cc247c30469d27
+#: canaille.core.configuration.CoreSettings.LOGGING:3 of
+msgid ""
+"if :py:data:`None`, everything is logged in the standard error output the"
+" log level is :py:data:`~logging.DEBUG` if the "
+":attr:`~canaille.app.configuration.RootSettings.DEBUG` setting is "
+":py:data:`True`, else this is :py:data:`~logging.INFO`"
+msgstr ""
+
+#: ../../docstring 03db8dc130ad49e8b59d79e0f6aa9154
+#: canaille.core.configuration.CoreSettings.LOGGING:6 of
+msgid ""
+"if this is a :class:`dict`, it is passed to "
+":func:`logging.config.dictConfig`:"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:7
+#: f00409f6957e42c29f599a74667becb2 of
+msgid ""
+"if this is a :class:`str`, it is expected to be a file path that will be "
+"passed to :func:`logging.config.fileConfig`"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.LOGGING:10
+#: f45e3f7a67724ea9882d55fa6b07d3f6 of
+msgid "For example::"
+msgstr ""
+
+#: ../../docstring 23d3cf2c128d44fa8b149a6b3548a302
+#: canaille.core.configuration.CoreSettings.LOGO:1 of
+msgid ""
+"The logo of your organization, this is useful to make your organization "
+"recognizable on login screens."
+msgstr ""
+
+#: ../../docstring 6279cd5aa6ba484493c72cc708780ff2
+#: canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:1 of
+msgid "Maximum length for user password."
+msgstr ""
+
+#: ../../docstring 6dda33511f5c41249a65ba949f5f422f
+#: canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:3 of
+msgid ""
+"There is a technical limit with passlib used by sql database of 4096 "
+"characters. If the value entered is 0 or None, or greater than 4096, then"
+" 4096 will be retained."
+msgstr ""
+
+#: ../../docstring 8a907f495b1c4e059084f17f24bac4ac
+#: canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:1 of
+msgid "Minimum length for user password."
+msgstr ""
+
+#: ../../docstring 78c7324a8e4f4cca974dfea5be0fc93d
+#: canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:3 of
+msgid "It is possible not to set a minimum, by entering None or 0."
+msgstr ""
+
+#: ../../docstring b0bea46879234cb8a42cefca791fbb65
+#: canaille.core.configuration.CoreSettings.NAME:1 of
+msgid "Your organization name."
+msgstr ""
+
+#: ../../docstring c821d6608be5485fa7c3b9574007b964
+#: canaille.core.configuration.CoreSettings.NAME:3 of
+msgid "Used for display purpose."
+msgstr ""
+
+#: ../../docstring c53cf47a679b4844925c70c352dea0bf
+#: canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL:1
+#: of
+msgid "Have i been pwned api url for compromission checks."
+msgstr ""
+
+#: ../../docstring 9990747398ac4f5895282ab305c072dc
+#: canaille.core.configuration.CoreSettings.SENTRY_DSN:1 of
+msgid "A `Sentry <https://sentry.io>`_ DSN to collect the exceptions."
+msgstr ""
+
+#: ../../docstring 790c865da20f435aa1be69714403de01
+#: canaille.core.configuration.CoreSettings.SENTRY_DSN:3 of
+msgid "This is useful for tracking errors in test and production environments."
+msgstr ""
+
+#: ../../docstring 85951eb2b027483eba736e336af20f81
+#: canaille.core.configuration.CoreSettings.SMTP:1 of
+msgid "The settings related to SMTP and mail configuration."
+msgstr ""
+
+#: ../../docstring c409cbcf49e7469ca8b2dd052c011a52
+#: canaille.core.configuration.CoreSettings.SMTP:3 of
+msgid "If unset, mail-related features like password recovery won't be enabled."
+msgstr ""
+
+#: ../../docstring 2cb83696c7f149289e9f3dbc012182ef
+#: canaille.core.configuration.CoreSettings.THEME:1 of
+msgid "The name of a theme in the 'theme' directory, or a path to a theme."
+msgstr ""
+
+#: ../../docstring b3d1237eb0144f97974e071fc00ea0b7
+#: canaille.core.configuration.CoreSettings.THEME:3 of
+msgid ""
+"Defaults to ``default``. Theming is done with `flask-themer "
+"<https://github.com/tktech/flask-themer>`_."
+msgstr ""
+
+#: ../../docstring b1e60d33d31a47f4bc40640338cb284b
+#: canaille.core.configuration.CoreSettings.TIMEZONE:1 of
+msgid ""
+"The timezone in which datetimes will be displayed to the users (e.g. "
+"``CEST``)."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.CoreSettings.TIMEZONE:4
+#: dc4cf4f473ea40a5bb1c9a049a3ca1e2 of
+msgid "If unset, the server timezone will be used."
+msgstr ""
+
+#: 06acb103d58a4e9786be0d9ccca36999 canaille.core.configuration.SMTPSettings:1
+#: of
+msgid ""
+"The SMTP configuration. Belong in the ``CANAILLE.SMTP`` namespace. If "
+"unset, mail related features will be disabled, such as mail verification "
+"or password recovery emails."
+msgstr ""
+
+#: 331241c793784690be8c9746d3366e56 canaille.core.configuration.SMTPSettings:5
+#: of
+msgid ""
+"By default, Canaille will try to send mails from localhost without "
+"authentication."
+msgstr ""
+
+#: ../../docstring 92f12abb0bac49e5867285e04a5c9d6a
+#: canaille.core.configuration.SMTPSettings.FROM_ADDR:1 of
+msgid "The sender for Canaille mails."
+msgstr ""
+
+#: ../../docstring 10b0c6ea9c92453cae3d9e33632a4ad4
+#: canaille.core.configuration.SMTPSettings.FROM_ADDR:3 of
+msgid "Some mail provider might require a valid sender address."
+msgstr ""
+
+#: ../../docstring 3535c00f832b4d2c964be48c7b91231b
+#: canaille.core.configuration.SMTPSettings.HOST:1 of
+msgid "The SMTP host."
+msgstr ""
+
+#: ../../docstring 652e684442a4480f8d5604a28e5f3ce8
+#: canaille.core.configuration.SMTPSettings.LOGIN:1 of
+msgid "The SMTP login."
+msgstr ""
+
+#: ../../docstring 8670279f8f9f4fbebc169da4c79f23a9
+#: canaille.core.configuration.SMTPSettings.PASSWORD:1 of
+msgid "The SMTP password."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.SMTPSettings.PORT:1
+#: e23e9bd935054912937b4a19c870e950 of
+msgid "The SMTP port."
+msgstr ""
+
+#: ../../docstring 610bdbb8787348feb7afed6f3d60c0c2
+#: canaille.core.configuration.SMTPSettings.SSL:1 of
+msgid "Whether to use SSL to connect to the SMTP server."
+msgstr ""
+
+#: ../../docstring 3cc08150a5ea4ed5ae2e0dc3c4fca472
+#: canaille.core.configuration.SMTPSettings.TLS:1 of
+msgid "Whether to use TLS to connect to the SMTP server."
+msgstr ""
+
+#: 62b3f9dcea0643de96b1ca7638f6a5e9 canaille.core.configuration.ACLSettings:1
+#: of
+msgid "Access Control List settings. Belong in the ``CANAILLE.ACL`` namespace."
+msgstr ""
+
+#: bdd0385786694ea6ab8802833275fa4e canaille.core.configuration.ACLSettings:3
+#: of
+msgid ""
+"You can define access controls that define what users can do on canaille "
+"An access control consists in a :attr:`FILTER` to match users, a list of "
+":attr:`PERMISSIONS` matched users will be able to perform, and fields "
+"users will be able to :attr:`READ` and :attr:`WRITE`. Users matching "
+"several filters will cumulate permissions."
+msgstr ""
+
+#: ../../docstring 1097669d2b994281b4d5d413097e0623
+#: canaille.core.configuration.ACLSettings.FILTER:1 of
+msgid ":attr:`FILTER` can be:"
+msgstr ""
+
+#: ../../docstring bb053c15eb704432bb84e56edeadf167
+#: canaille.core.configuration.ACLSettings.FILTER:3 of
+msgid ""
+":py:data:`None`, in which case all the users will match this access "
+"control"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:4
+#: cbdb019e3b284edf87da4f15d2b78bf4 of
+msgid ""
+"a mapping where keys are user attributes name and the values those user "
+"attribute values. All the values must be matched for the user to be part "
+"of the access control."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:7
+#: d4572cf46999451ca8cf28217ded5167 of
+msgid ""
+"a list of those mappings. If a user values match at least one mapping, "
+"then the user will be part of the access control"
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.ACLSettings.FILTER:10
+#: fac47b79b4dd4a3da08e3237472a7b7d of
+msgid "Here are some examples::"
+msgstr ""
+
+#: ../../docstring 62ff0c3020c8448a944704b0062a8cb2
+#: canaille.core.configuration.ACLSettings.PERMISSIONS:1 of
+msgid ""
+"A list of :class:`Permission` users in the access control will be able to"
+" manage. For example::"
+msgstr ""
+
+#: ../../docstring 1099209ca53345d387496ab4312ed097
+#: canaille.core.configuration.ACLSettings.READ:1 of
+msgid ""
+"A list of :class:`~canaille.core.models.User` attributes that users in "
+"the ACL will be able to read."
+msgstr ""
+
+#: ../../docstring 58a9e524f70f4e7baf522ef1c8157e32
+#: canaille.core.configuration.ACLSettings.WRITE:1 of
+msgid ""
+"A list of :class:`~canaille.core.models.User` attributes that users in "
+"the ACL will be able to edit."
+msgstr ""
+
+#: canaille.core.configuration.Permission:1 e8e63c7026de41bcba4f2349159e7261 of
+msgid "The permissions that can be assigned to users."
+msgstr ""
+
+#: 9c4460d4bbf14419aa95957ca5a5e952 canaille.core.configuration.Permission:3 of
+msgid ""
+"The permissions are intended to be used in :attr:`ACLSettings "
+"<canaille.core.configuration.ACLSettings.PERMISSIONS>`."
+msgstr ""
+
+#: ../../docstring 7605a3b0da5e4979ac17a807d8134c54
+#: canaille.core.configuration.Permission.DELETE_ACCOUNT:1 of
+msgid "Allows users to delete their account."
+msgstr ""
+
+#: ../../docstring ae2fe25c6c344a97864852f01f57e296
+#: canaille.core.configuration.Permission.DELETE_ACCOUNT:3 of
+msgid ""
+"If used with "
+":attr:`~canaille.core.configuration.Permission.MANAGE_USERS`, users can "
+"delete any account."
+msgstr ""
+
+#: ../../docstring 82ed41275cc2499f994e6bc2dd5d1e3c
+#: canaille.core.configuration.Permission.EDIT_SELF:1 of
+msgid "Allows users to edit their own profile."
+msgstr ""
+
+#: ../../docstring canaille.core.configuration.Permission.IMPERSONATE_USERS:1
+#: fbc8c78392de4edcac1b152a1b08e63b of
+msgid "Allows users to take the identity of another user."
+msgstr ""
+
+#: ../../docstring 6884efcf056942198b52e3612b827d05
+#: canaille.core.configuration.Permission.MANAGE_GROUPS:1 of
+msgid "Allows group edition and creation."
+msgstr ""
+
+#: ../../docstring 38db5db2588046459a54a6a0fcbd608f
+#: canaille.core.configuration.Permission.MANAGE_OIDC:1 of
+msgid "Allows OpenID Connect client managements."
+msgstr ""
+
+#: ../../docstring 902c5fb366a74c5a9a03ad5fcd2e6cf1
+#: canaille.core.configuration.Permission.MANAGE_USERS:1 of
+msgid "Allows other users management."
+msgstr ""
+
+#: ../../docstring 96fbdc9c5ccf421db8c2e110eb59536a
+#: canaille.core.configuration.Permission.USE_OIDC:1 of
+msgid "Allows OpenID Connect authentication."
+msgstr ""
+
+#: canaille.oidc.configuration.OIDCSettings:1 f949952a659545e6a0eb5e7df32b2619
+#: of
+msgid "OpenID Connect settings."
+msgstr ""
+
+#: 8396f08e1b0e42ec94c732847bea4bfc canaille.oidc.configuration.OIDCSettings:3
+#: of
+msgid "Belong in the ``CANAILLE_OIDC`` namespace."
+msgstr ""
+
+#: ../../docstring 70c636d7dae842b09d6533627f4b65e2
+#: canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:1
+#: of
+msgid "Whether a token is needed for the RFC7591 dynamical client registration."
+msgstr ""
+
+#: ../../docstring
+#: canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:3
+#: e333e90c5649498b9d34e691efcd8ab5 of
+msgid ""
+"If :py:data:`True`, no token is needed to register a client. If "
+":py:data:`False`, dynamical client registration needs a token defined in "
+":attr:`DYNAMIC_CLIENT_REGISTRATION_TOKENS`."
+msgstr ""
+
+#: ../../docstring 70e5e4ec0dc64daba69f85bf4ec84708
+#: canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_TOKENS:1
+#: of
+msgid "A list of tokens that can be used for dynamic client registration."
+msgstr ""
+
+#: ../../docstring 5418fb5b02384cc29f1426c4c1d30759
+#: canaille.oidc.configuration.OIDCSettings.JWT:1 of
+msgid "JSON Web Token settings."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:1
+#: e928ff6b3928470e8ad7c82caa4a3d07 of
+msgid "Force the nonce exchange during the authentication flows."
+msgstr ""
+
+#: ../../docstring 7359057f9f5d43f1a42cd646a4300f42
+#: canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:3 of
+msgid "This adds security but may not be supported by all clients."
+msgstr ""
+
+#: 27a60f8e093d4917ac66b7d131143b97 canaille.oidc.configuration.JWTSettings:1
+#: of
+msgid "JSON Web Token settings. Belong in the ``CANAILLE_OIDC.JWT`` namespace."
+msgstr ""
+
+#: 3764ee3b65474edf8ebb66a6c372c243 canaille.oidc.configuration.JWTSettings:3
+#: of
+msgid "You can generate a RSA keypair with::"
+msgstr ""
+
+#: ../../docstring a1a6dcd429094759b1efb11226baf5a2
+#: canaille.oidc.configuration.JWTSettings.ALG:1 of
+msgid "The key algorithm."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.EXP:1
+#: dd523d20e02b48cdb29cbc016cf04c7b of
+msgid "The time the JWT will be valid, in seconds."
+msgstr ""
+
+#: ../../docstring canaille.oidc.configuration.JWTSettings.ISS:1
+#: f0cf8022dba44fbd8663ad45a1888b91 of
+msgid "The URI of the identity provider."
+msgstr ""
+
+#: ../../docstring 8028f588edca4da58a09dc75ca349aba
+#: canaille.oidc.configuration.JWTSettings.KTY:1 of
+msgid "The key type."
+msgstr ""
+
+#: ../../docstring 41e83a2048a44f919950e1750910a1d0
+#: canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:1 of
+msgid "The private key."
+msgstr ""
+
+#: ../../docstring 7348c4741ca84317877a04bdf03d99ae
+#: bd2c3564a3af4101abb4393b1aac729c
+#: canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:3
+#: canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:3 of
+msgid ""
+"If :py:data:`None` and debug mode is enabled, then an in-memory key will "
+"be used."
+msgstr ""
+
+#: ../../docstring b7a0baa78585417d8dcdbe96a8b98583
+#: canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:1 of
+msgid "The public key."
+msgstr ""
+
+#: a9d6eabbdca247c2af37e29d96568a03
+#: canaille.oidc.configuration.JWTMappingSettings:1 of
+msgid "Mapping between the user model and the JWT fields."
+msgstr ""
+
+#: 886826dc265c4c7cb8766afe83095133
+#: canaille.oidc.configuration.JWTMappingSettings:3 of
+msgid "Fields are evaluated with jinja. A ``user`` var is available."
+msgstr ""
+
+#: 9590d902318d4c8580d37bbcd979932a
+#: canaille.backends.sql.configuration.SQLSettings:1 of
+msgid "Settings related to the SQL backend."
+msgstr ""
+
+#: 15c8d7294eff4cb0aad980f15edac5a9
+#: canaille.backends.sql.configuration.SQLSettings:3 of
+msgid "Belong in the ``CANAILLE_SQL`` namespace."
+msgstr ""
+
+#: ../../docstring 8b41da4ffa2646dcb6cd9b93a4807cf3
+#: canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:1 of
+msgid "The SQL server URI. For example::"
+msgstr ""
+
+#: b0bc548513934f1da3667d30279d82c4
+#: canaille.backends.ldap.configuration.LDAPSettings:1 of
+msgid "Settings related to the LDAP backend."
+msgstr ""
+
+#: 49283fbc5e9a4eb7a3dcebf404cc3870
+#: canaille.backends.ldap.configuration.LDAPSettings:3 of
+msgid "Belong in the ``CANAILLE_LDAP`` namespace."
+msgstr ""
+
+#: ../../docstring 8824324541e74294beab8b504d38368a
+#: canaille.backends.ldap.configuration.LDAPSettings.BIND_DN:1 of
+msgid "The LDAP bind DN."
+msgstr ""
+
+#: ../../docstring 40026a12323e48a3a0753e08ca363e83
+#: canaille.backends.ldap.configuration.LDAPSettings.BIND_PW:1 of
+msgid "The LDAP bind password."
+msgstr ""
+
+#: ../../docstring a7e3ac64d2044be3ab6c5d2d293db37d
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:1 of
+msgid "The LDAP node under which groups will be looked for and saved."
+msgstr ""
+
+#: ../../docstring bda60eee8e474c65925adb75f0e02164
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:3 of
+msgid "For instance `\"ou=groups,dc=mydomain,dc=tld\"`."
+msgstr ""
+
+#: ../../docstring 68bffd35121746e8bfbb70d05a8c176b
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_CLASS:1 of
+msgid "The object class to use for creating new groups."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_NAME_ATTRIBUTE:1
+#: f33128abab5f4ce59d431244a8c757ea of
+msgid "The attribute to use to identify a group."
+msgstr ""
+
+#: ../../docstring 9292125ade5c4f9e912f543664860791
+#: canaille.backends.ldap.configuration.LDAPSettings.GROUP_RDN:1 of
+msgid "The attribute to identify an object in the Group DN."
+msgstr ""
+
+#: ../../docstring 813682b1e3b54072ab07e295c38b2fbc
+#: canaille.backends.ldap.configuration.LDAPSettings.ROOT_DN:1 of
+msgid "The LDAP root DN."
+msgstr ""
+
+#: ../../docstring 2e43c3ede5a54158abcc1bb480b98026
+#: canaille.backends.ldap.configuration.LDAPSettings.TIMEOUT:1 of
+msgid "The LDAP connection timeout."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.URI:1
+#: cda749d2c3be41e3928f0e759f206889 of
+msgid "The LDAP server URI."
+msgstr ""
+
+#: ../../docstring 7b97343c77204e699fc3961a28bf66fc
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:1 of
+msgid "The LDAP node under which users will be looked for and saved."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:3
+#: ea6864b7befc4c46a1a463a3df375e57 of
+msgid "For instance `ou=users,dc=mydomain,dc=tld`."
+msgstr ""
+
+#: ../../docstring
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_CLASS:1
+#: d749e90737ba453393324ade8c1e9b9f of
+msgid "The object class to use for creating new users."
+msgstr ""
+
+#: ../../docstring 1b1aeacb6c754ecd871e160f614ebe30
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:1 of
+msgid "Filter to match users on sign in."
+msgstr ""
+
+#: ../../docstring 7d7bade071b84039810c29d01ee7af4e
+#: canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:3 of
+msgid ""
+"For instance ``(|(uid={{ login }})(mail={{ login }}))``. Jinja syntax is "
+"supported and a ``login`` variable is available, containing the value "
+"passed in the login field."
+msgstr ""
+
+#: ../../docstring canaille.backends.ldap.configuration.LDAPSettings.USER_RDN:1
+#: fbb6d8c8e73946e8ae9d0b5b8ef6ac7a of
+msgid "The attribute to identify an object in the User DN."
+msgstr ""
+
+#: ../../doc/references/configuration.rst:81 c71a6c99d5c649468d25d73245d1ce81
+msgid "Example file"
+msgstr ""
+
+#: ../../doc/references/configuration.rst:83 e3d5ff7b824e465fa78cf064e047e2bf
+msgid "Here is a configuration file example:"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/references/index.po b/doc/locales/fr_FR/LC_MESSAGES/references/index.po
new file mode 100644
index 00000000..40b7a034
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/references/index.po
@@ -0,0 +1,25 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/references/index.rst:2 449c3088548a4de39932e3c9abadb987
+msgid "References"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/references/models.po b/doc/locales/fr_FR/LC_MESSAGES/references/models.po
new file mode 100644
index 00000000..10fb2863
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/references/models.po
@@ -0,0 +1,948 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/references/models.rst:2 4f4f811264a14208af46aa08dc0f739f
+msgid "Data models"
+msgstr ""
+
+#: ../../doc/references/models.rst:4 86ad2ccc4f484fea9172dc9a03dd1685
+msgid ""
+"This reference details the data models used by Canaille. This is mostly "
+"useful for developers."
+msgstr ""
+
+#: 3d8d635f39f9417a8093033c65f5cfd8 canaille.backends.models.BackendModel:1
+#: canaille.backends.models.Model:1 cea30ce00d3c4b9aa2a4a90bf5ca1b2e of
+msgid "Bases: :py:class:`object`"
+msgstr ""
+
+#: 63116ed6c91d453699c088d731caf20a canaille.backends.models.BackendModel:1 of
+msgid "The backend model abstract class."
+msgstr ""
+
+#: canaille.backends.models.BackendModel:3 f4524953577a49bf8678c8b188e5adb6 of
+msgid ""
+"It details all the methods and attributes that are expected to be "
+"implemented for every model and for every backend."
+msgstr ""
+
+#: a6aaa68e16874197bf3e39cf89b6a036 canaille.backends.models.Model:1 of
+msgid "The model abstract class."
+msgstr ""
+
+#: canaille.backends.models.Model:3 da1fe57e308a48d78e0e83fe63c8b3c6 of
+msgid "It details all the common attributes shared by every models."
+msgstr ""
+
+#: ../../docstring 7f5c0dd217f74ea7b921ab45afa69827
+#: canaille.backends.models.Model.created:1 of
+msgid ""
+"The :class:`~datetime.datetime` that the resource was added to the "
+"service provider."
+msgstr ""
+
+#: ../../docstring 04708c2ef09846e3878f0ff1e3d633fe
+#: canaille.backends.models.Model.id:1 of
+msgid ""
+"A unique identifier for a SCIM resource as defined by the service "
+"provider. Id will be :py:data:`None` until the "
+":meth:`~canaille.backends.models.BackendModel.save` method is called."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.id:5
+#: d8ccb6e0f9084dd8b3c0f2ca54639181 of
+msgid ""
+"Each representation of the resource MUST include a non-empty \"id\" "
+"value.  This identifier MUST be unique across the SCIM service provider's"
+" entire set of resources.  It MUST be a stable, non- reassignable "
+"identifier that does not change when the same resource is returned in "
+"subsequent requests.  The value of the \"id\" attribute is always issued "
+"by the service provider and MUST NOT be specified by the client.  The "
+"string \"bulkId\" is a reserved keyword and MUST NOT be used within any "
+"unique identifier value.  The attribute characteristics are \"caseExact\""
+" as \"true\", a mutability of \"readOnly\", and a \"returned\" "
+"characteristic of \"always\".  See Section 9 for additional "
+"considerations regarding privacy."
+msgstr ""
+
+#: 020241a96a474546ae111c3ea3191e86 canaille.backends.models.Model.identifier:1
+#: of
+msgid "Returns a unique value that will be used to identify the model instance."
+msgstr ""
+
+#: 231d639f48f94e48bcedad9f668a9356 canaille.backends.models.Model.identifier:4
+#: of
+msgid ""
+"This value will be used in URLs in canaille, so it should be unique and "
+"short."
+msgstr ""
+
+#: ../../docstring canaille.backends.models.Model.last_modified:1
+#: d8b60486668f4266a8791d7c7cfbf39c of
+msgid ""
+"The most recent :class:`~datetime.datetime` that the details of this "
+"resource were updated at the service provider."
+msgstr ""
+
+#: ../../docstring 6a9d98cacf2c416b85166e3a0aec85fd
+#: canaille.backends.models.Model.last_modified:4 of
+msgid ""
+"If this resource has never been modified since its initial creation, the "
+"value MUST be the same as the value of "
+":attr:`~canaille.backends.models.Model.created`."
+msgstr ""
+
+#: 5f668d908027491b83f43d47569cab63 69589482ca65403ca8e743b646c9226c
+#: 8876abfe97934f2284562899c84595eb a29dec25115a43c794775e581331c082
+#: canaille.core.models.Group:1 canaille.core.models.User:1
+#: canaille.oidc.basemodels.AuthorizationCode:1
+#: canaille.oidc.basemodels.Client:1 canaille.oidc.basemodels.Consent:1
+#: canaille.oidc.basemodels.Token:1 ce9d675b71084e3dbc3655cd504a4c6b
+#: fae1f8c6af6b466ba27a3a588206e54f of
+msgid "Bases: :py:class:`~canaille.backends.models.Model`"
+msgstr ""
+
+#: b68f1d5863af434d84f2dd1f2274da3f canaille.core.models.Group:1 of
+msgid ""
+"User model, based on the `SCIM Group schema "
+"<https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_."
+msgstr ""
+
+#: ../../docstring 5cb994b4454747b3a666042ac273eb54
+#: canaille.core.models.Group.display_name:1 of
+msgid "A human-readable name for the Group."
+msgstr ""
+
+#: ../../docstring 4e19158978d64e339bbebfe89187fda4
+#: canaille.core.models.Group.display_name:3
+#: canaille.oidc.basemodels.Client.client_id:1 e5c85cd76a0e45e89978c6b631a162fb
+#: of
+msgid "REQUIRED."
+msgstr ""
+
+#: ../../docstring c2575699ceae4913afedd4f3e627f4d3
+#: canaille.core.models.Group.members:1 of
+msgid "A list of members of the Group."
+msgstr ""
+
+#: ../../docstring canaille.core.models.Group.members:3
+#: e3f8e66541d7400585c45538dd4e1768 of
+msgid ""
+"While values MAY be added or removed, sub-attributes of members are "
+"\"immutable\".  The \"value\" sub-attribute contains the value of an "
+"\"id\" attribute of a SCIM resource, and the \"$ref\" sub-attribute must "
+"be the URI of a SCIM resource such as a \"User\", or a \"Group\".  The "
+"intention of the \"Group\" type is to allow the service provider to "
+"support nested groups.  Service providers MAY require clients to provide "
+"a non-empty value by setting the \"required\" attribute characteristic of"
+" a sub-attribute of the \"members\" attribute in the \"Group\" resource "
+"schema."
+msgstr ""
+
+#: b5df55612ee34e12a13d0a7917b38d09 canaille.core.models.User:1 of
+msgid ""
+"User model, based on the `SCIM User schema "
+"<https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_, "
+"`Entreprise User Schema Extension "
+"<https://datatracker.ietf.org/doc/html/rfc7643#section-4.3>`_ and `SCIM "
+"Password Management Extension <https://datatracker.ietf.org/doc/html"
+"/draft-hunt-scim-password-mgmt-00.html>`_ draft. Attribute description is"
+" based on SCIM and put there for information purpose. The description may"
+" not fit the current implementation in Canaille."
+msgstr ""
+
+#: 3f76320039b1471fa3d303706bbafa21 canaille.core.models.User.can:1 of
+msgid ""
+"Whether or not the user has the "
+":class:`~canaille.core.configuration.Permission` according to the "
+":class:`configuration <canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.department:1
+#: d3b2c286ea6e4fc6bc807a167a2c7fb9 of
+msgid "Identifies the name of a department."
+msgstr ""
+
+#: ../../docstring 6c7b40d8ba934aacbeb56018b53fe48e
+#: canaille.core.models.User.display_name:1 of
+msgid "The name of the user, suitable for display to end-users."
+msgstr ""
+
+#: ../../docstring 9c9639c9bdd747b8bceb5a5302fa2d34
+#: canaille.core.models.User.display_name:3 of
+msgid ""
+"Each user returned MAY include a non-empty displayName value.  The name "
+"SHOULD be the full name of the User being described, if known (e.g., "
+"\"Babs Jensen\" or \"Ms. Barbara J Jensen, III\") but MAY be a username "
+"or handle, if that is all that is available (e.g., \"bjensen\").  The "
+"value provided SHOULD be the primary textual label by which this User is "
+"normally displayed by the service provider when presenting it to end-"
+"users."
+msgstr ""
+
+#: ../../docstring 9c0fab528d5542f5846331d9cb490996
+#: canaille.core.models.User.emails:1 of
+msgid "Email addresses for the User."
+msgstr ""
+
+#: ../../docstring 4346ea844ff94ace979c35990baa285d
+#: canaille.core.models.User.emails:3 of
+msgid ""
+"The value SHOULD be specified according to [RFC5321].  Service providers "
+"SHOULD canonicalize the value according to [RFC5321], e.g., "
+"\"bjensen@example.com\" instead of \"bjensen@EXAMPLE.COM\".  The "
+"\"display\" sub-attribute MAY be used to return the canonicalized "
+"representation of the email value. The \"type\" sub-attribute is used to "
+"provide a classification meaningful to the (human) user.  The user "
+"interface should encourage the use of basic values of \"work\", \"home\","
+" and \"other\" and MAY allow additional type values to be used at the "
+"discretion of SCIM clients."
+msgstr ""
+
+#: ../../docstring 6a1f48ce3e5542d6bdd155c1e90d2856
+#: canaille.core.models.User.employee_number:1 of
+msgid ""
+"A string identifier, typically numeric or alphanumeric, assigned to a "
+"person, typically based on order of hire or association with an "
+"organization."
+msgstr ""
+
+#: ../../docstring 2fe990abc285421b926f43792db8318d
+#: canaille.core.models.User.family_name:1 of
+msgid ""
+"The family name of the User, or last name in most Western languages "
+"(e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.formatted_address:1
+#: de06c1dda5594f7f911f6085f2bf30bd of
+msgid ""
+"The full mailing address, formatted for display or use with a mailing "
+"label."
+msgstr ""
+
+#: ../../docstring 8b94760c15f746ddb944a77ac25a9ce0
+#: canaille.core.models.User.formatted_address:4 of
+msgid "This attribute MAY contain newlines."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.formatted_name:1
+#: e90822537c784a218e13ecd2327f4032 of
+msgid ""
+"The full name, including all middle names, titles, and suffixes as "
+"appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen, "
+"III\")."
+msgstr ""
+
+#: ../../docstring 8ae81deab78d46229cb7034af9d3a71c
+#: canaille.core.models.User.given_name:1 of
+msgid ""
+"The given name of the User, or first name in most Western languages "
+"(e.g., \"Barbara\" given the full name \"Ms. Barbara Jane Jensen, III\")."
+msgstr ""
+
+#: ../../docstring 8ac614afa7d7492b9ff3c34926139337
+#: canaille.core.models.User.groups:1 of
+msgid ""
+"A list of groups to which the user belongs, either through direct "
+"membership, through nested groups, or dynamically calculated."
+msgstr ""
+
+#: ../../docstring 64ecefbdac514114b98ab34eb6b18d86
+#: canaille.core.models.User.groups:4 of
+msgid ""
+"The values are meant to enable expression of common group-based or role-"
+"based access control models, although no explicit authorization model is "
+"defined.  It is intended that the semantics of group membership and any "
+"behavior or authorization granted as a result of membership are defined "
+"by the service provider.  The canonical types \"direct\" and \"indirect\""
+" are defined to describe how the group membership was derived.  Direct "
+"group membership indicates that the user is directly associated with the "
+"group and SHOULD indicate that clients may modify membership through the "
+"\"Group\" resource. Indirect membership indicates that user membership is"
+" transitive or dynamic and implies that clients cannot modify indirect "
+"group membership through the \"Group\" resource but MAY modify direct "
+"group membership through the \"Group\" resource, which may influence "
+"indirect memberships.  If the SCIM service provider exposes a \"Group\" "
+"resource, the \"value\" sub-attribute MUST be the \"id\", and the "
+"\"$ref\" sub-attribute must be the URI of the corresponding \"Group\" "
+"resources to which the user belongs.  Since this attribute has a "
+"mutability of \"readOnly\", group membership changes MUST be applied via "
+"the \"Group\" Resource (Section 4.2).  This attribute has a mutability of"
+" \"readOnly\"."
+msgstr ""
+
+#: 32921c5be2af4fd59bc8712a4071b310 canaille.core.models.User.has_password:1 of
+msgid "Check whether a password has been set for the user."
+msgstr ""
+
+#: ../../docstring a4d5f217e56048b294e83da6122343b8
+#: canaille.core.models.User.locality:1 of
+msgid "The city or locality component."
+msgstr ""
+
+#: ../../docstring 68d7a39110204de29ed183c56659c5df
+#: canaille.core.models.User.lock_date:1 of
+msgid "A DateTime indicating when the resource was locked."
+msgstr ""
+
+#: ba543c6c70264b638dc437b2bd20769c canaille.core.models.User.locked:1 of
+msgid "Whether the user account has been locked or has expired."
+msgstr ""
+
+#: ../../docstring c2eb1949f9704bd0bfe177df71b2dcde
+#: canaille.core.models.User.organization:1 of
+msgid "Identifies the name of an organization."
+msgstr ""
+
+#: ../../docstring a523a6b41e3d48e0a7c179fd2a236c59
+#: canaille.core.models.User.password:1 of
+msgid ""
+"This attribute is intended to be used as a means to set, replace, or "
+"compare (i.e., filter for equality) a password.  The cleartext value or "
+"the hashed value of a password SHALL NOT be returnable by a service "
+"provider.  If a service provider holds the value locally, the value "
+"SHOULD be hashed.  When a password is set or changed by the client, the "
+"cleartext password SHOULD be processed by the service provider as "
+"follows:"
+msgstr ""
+
+#: ../../docstring 5ecbdffadb59485a8135fcbc0d0bbf99
+#: canaille.core.models.User.password:9 of
+msgid ""
+"Prepare the cleartext value for international language comparison.  See "
+"Section 7.8 of [RFC7644]."
+msgstr ""
+
+#: ../../docstring 6cbc065374cf47e69971c823f67b2c34
+#: canaille.core.models.User.password:12 of
+msgid ""
+"Validate the value against server password policy.  Note: The definition "
+"and enforcement of password policy are beyond the scope of this document."
+msgstr ""
+
+#: ../../docstring 4c354c83ceb04fe39b2845ca70317fe9
+#: canaille.core.models.User.password:16 of
+msgid ""
+"Ensure that the value is encrypted (e.g., hashed).  See Section 9.2 for "
+"acceptable hashing and encryption handling when storing or persisting for"
+" provisioning workflow reasons."
+msgstr ""
+
+#: ../../docstring 3b4d469de19c469bb9c24dc3cf694e20
+#: canaille.core.models.User.password:20 of
+msgid ""
+"A service provider that immediately passes the cleartext value on to "
+"another system or programming interface MUST pass the value directly over"
+" a secured connection (e.g., Transport Layer Security (TLS)).  If the "
+"value needs to be temporarily persisted for a period of time (e.g., "
+"because of a workflow) before provisioning, then the value MUST be "
+"protected by some method, such as encryption."
+msgstr ""
+
+#: ../../docstring 2d7021ce458a44919b848545526f767f
+#: canaille.core.models.User.password:28 of
+msgid ""
+"Testing for an equality match MAY be supported if there is an existing "
+"stored hashed value.  When testing for equality, the service provider:"
+msgstr ""
+
+#: ../../docstring 656c0f86ad244b6eb25f35d2ae6b3f56
+#: canaille.core.models.User.password:32 of
+msgid ""
+"Prepares the filter value for international language comparison.  See "
+"Section 7.8 of [RFC7644]."
+msgstr ""
+
+#: ../../docstring 145c3c799b3542969e443e85dbd6a473
+#: canaille.core.models.User.password:35 of
+msgid ""
+"Generates the salted hash of the filter value and tests for a match with "
+"the locally held value."
+msgstr ""
+
+#: ../../docstring 8c7c1fcc8a2c40ddb28827f5d90e609a
+#: canaille.core.models.User.password:38 of
+msgid ""
+"The mutability of the password attribute is \"writeOnly\", indicating "
+"that the value MUST NOT be returned by a service provider in any form "
+"(the attribute characteristic \"returned\" is \"never\")."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.phone_numbers:1
+#: f6270635316b47c0a082bc419e9f3d50 of
+msgid "Phone numbers for the user."
+msgstr ""
+
+#: ../../docstring 0e5dd015ff6445b0ad2d657e3c478a60
+#: canaille.core.models.User.phone_numbers:3 of
+msgid ""
+"The value SHOULD be specified according to the format defined in "
+"[RFC3966], e.g., 'tel:+1-201-555-0123'.  Service providers SHOULD "
+"canonicalize the value according to [RFC3966] format, when appropriate.  "
+"The \"display\" sub-attribute MAY be used to return the canonicalized "
+"representation of the phone number value.  The sub- attribute \"type\" "
+"often has typical values of \"work\", \"home\", \"mobile\", \"fax\", "
+"\"pager\", and \"other\" and MAY allow more types to be defined by the "
+"SCIM clients."
+msgstr ""
+
+#: ../../docstring b4393fc3b75d4cc7a2f4a12ea66f570e
+#: canaille.core.models.User.photo:1 of
+msgid ""
+"A URI that is a uniform resource locator (as defined in Section 1.1.3 of "
+"[RFC3986]) that points to a resource location representing the user's "
+"image."
+msgstr ""
+
+#: ../../docstring 29a0cbb891f54b0f8cb2bbb1c1dfd13f
+#: canaille.core.models.User.photo:5 of
+msgid ""
+"The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather"
+" than a web page containing an image.  Service providers MAY return the "
+"same image in different sizes, although it is recognized that no standard"
+" for describing images of various sizes currently exists.  Note that this"
+" attribute SHOULD NOT be used to send down arbitrary photos taken by this"
+" user; instead, profile photos of the user that are suitable for display "
+"when describing the user should be sent. Instead of the standard "
+"canonical values for type, this attribute defines the following canonical"
+" values to represent popular photo sizes: \"photo\" and \"thumbnail\"."
+msgstr ""
+
+#: ../../docstring 4dd6128b926146c28e324323b623bb34
+#: canaille.core.models.User.postal_code:1 of
+msgid "The zip code or postal code component."
+msgstr ""
+
+#: ../../docstring 04b523711b5442bcbe64131a0508dedd
+#: canaille.core.models.User.preferred_language:1 of
+msgid ""
+"Indicates the user's preferred written or spoken languages and is "
+"generally used for selecting a localized user interface."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.preferred_language:4
+#: e1772c7ebcd44649bf29311713835b49 of
+msgid ""
+"The value indicates the set of natural languages that are preferred. The "
+"format of the value is the same as the HTTP Accept-Language header field "
+"(not including \"Accept-Language:\") and is specified in Section 5.3.5 of"
+" [RFC7231].  The intent of this value is to enable cloud applications to "
+"perform matching of language tags [RFC4647] to the user's language "
+"preferences, regardless of what may be indicated by a user agent (which "
+"might be shared), or in an interaction that does not involve a user (such"
+" as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal "
+"HTTP Accept-Language header negotiation cannot take place."
+msgstr ""
+
+#: ../../docstring 6aa9c30d875f4ab5bcbfc7bee601f517
+#: canaille.core.models.User.profile_url:1 of
+msgid ""
+"A URI that is a uniform resource locator (as defined in Section 1.1.3 of "
+"[RFC3986]) and that points to a location representing the user's online "
+"profile (e.g., a web page)."
+msgstr ""
+
+#: ../../docstring canaille.core.models.User.profile_url:5
+#: fc7d54c2056b44aba5e2b2bd60e33a21 of
+msgid "URIs are canonicalized per Section 6.2 of [RFC3986]."
+msgstr ""
+
+#: 8edaeac977064f1b874aeb0682c95aad canaille.core.models.User.readable_fields:1
+#: of
+msgid ""
+"The fields the user can read according to the :class:`configuration "
+"<canaille.core.configuration.ACLSettings>` configuration."
+msgstr ""
+
+#: 0cc7f45175d04ae78b035d1ca4a589c8 canaille.core.models.User.readable_fields:4
+#: of
+msgid ""
+"This does not include the :attr:`writable "
+"<canaille.core.models.User.writable_fields>` fields."
+msgstr ""
+
+#: ../../docstring 4146c490dcf2422d8c284a1c4aba8c6b
+#: canaille.core.models.User.region:1 of
+msgid "The state or region component."
+msgstr ""
+
+#: ../../docstring 049e8a5b7701411f9da7ba9c3c754d04
+#: canaille.core.models.User.street:1 of
+msgid ""
+"The full street address component, which may include house number, street"
+" name, P.O."
+msgstr ""
+
+#: ../../docstring 0ab2e0885bc24c46b7ad9e6f55f7ebb0
+#: canaille.core.models.User.street:4 of
+msgid ""
+"box, and multi-line extended street address information.  This attribute "
+"MAY contain newlines."
+msgstr ""
+
+#: ../../docstring 75afc62c58134ad8a38e8d59f0743994
+#: canaille.core.models.User.title:1 of
+msgid "The user's title, such as \"Vice President\"."
+msgstr ""
+
+#: ../../docstring 5850e73e21a642efaa0e6ae54a55f0cd
+#: canaille.core.models.User.user_name:1 of
+msgid ""
+"A service provider's unique identifier for the user, typically used by "
+"the user to directly authenticate to the service provider."
+msgstr ""
+
+#: ../../docstring 4555ed2797644feaa577f9edc6284ab6
+#: canaille.core.models.User.user_name:4 of
+msgid ""
+"Often displayed to the user as their unique identifier within the system "
+"(as opposed to \"id\" or \"externalId\", which are generally opaque and "
+"not user-friendly identifiers).  Each User MUST include a non-empty "
+"userName value.  This identifier MUST be unique across the service "
+"provider's entire set of Users.  This attribute is REQUIRED and is case "
+"insensitive."
+msgstr ""
+
+#: 0a3321c9a0bc481c830aed35014cd2e8 canaille.core.models.User.writable_fields:1
+#: of
+msgid ""
+"The fields the user can write according to the :class:`configuration "
+"<canaille.core.configuration.ACLSettings>`."
+msgstr ""
+
+#: canaille.oidc.basemodels.AuthorizationCode:1
+#: fe9d924164fb4587b942938d012016b9 of
+msgid "OpenID Connect temporary authorization code definition."
+msgstr ""
+
+#: canaille.oidc.basemodels.Client:1 d1fa5a8cbf7d458494679089a2aba2fb of
+msgid ""
+"OpenID Connect client definition, based on the `OAuth 2.0 Dynamic Client "
+"Registration protocols "
+"<https://datatracker.ietf.org/doc/html/rfc7591.html>`_ and the `OpenID "
+"Connect RP-Initiated Logout <https://openid.net/specs/openid-connect-"
+"rpinitiated-1_0.html>`_ specifications."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_id:3
+#: d80b7305a4714ac4a3d9de849ffa97bf of
+msgid ""
+"OAuth 2.0 client identifier string.  It SHOULD NOT be currently valid for"
+" any other registered client, though an authorization server MAY issue "
+"the same client identifier to multiple instances of a registered client "
+"at its discretion."
+msgstr ""
+
+#: ../../docstring 1b11125f523948e1b47df25bea51d9cf
+#: 2300f7bc0bc24c79b9c75cfd19e27b95 b395648712ba4ce8934afebc751f1618
+#: canaille.oidc.basemodels.Client.client_id_issued_at:1
+#: canaille.oidc.basemodels.Client.client_secret:1
+#: canaille.oidc.basemodels.Client.post_logout_redirect_uris:1 of
+msgid "OPTIONAL."
+msgstr ""
+
+#: ../../docstring 11a22bc5758e4a6ab4b916f3bada85fe
+#: canaille.oidc.basemodels.Client.client_id_issued_at:3 of
+msgid ""
+"Time at which the client identifier was issued.  The time is represented "
+"as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC "
+"until the date/time of issuance."
+msgstr ""
+
+#: ../../docstring 406f7421746d4f0d84fd323c6975589f
+#: canaille.oidc.basemodels.Client.client_name:1 of
+msgid ""
+"Human-readable string name of the client to be presented to the end-user "
+"during authorization."
+msgstr ""
+
+#: ../../docstring b1a271e42321484f8ab7e02e8a0630f8
+#: canaille.oidc.basemodels.Client.client_name:4 of
+msgid ""
+"If omitted, the authorization server MAY display the raw \"client_id\" "
+"value to the end-user instead.  It is RECOMMENDED that clients always "
+"send this field. The value of this field MAY be internationalized, as "
+"described in Section 2.2."
+msgstr ""
+
+#: ../../docstring a57ad017042549a0b814e77b12849fba
+#: canaille.oidc.basemodels.Client.client_secret:3 of
+msgid ""
+"OAuth 2.0 client secret string.  If issued, this MUST be unique for each "
+"\"client_id\" and SHOULD be unique for multiple instances of a client "
+"using the same \"client_id\".  This value is used by confidential clients"
+" to authenticate to the token endpoint, as described in OAuth 2.0 "
+"[RFC6749], Section 2.3.1."
+msgstr ""
+
+#: ../../docstring 22f18a7e3b184e04bf11533077bccd1b
+#: canaille.oidc.basemodels.Client.client_secret_expires_at:1 of
+msgid "REQUIRED if \"client_secret\" is issued."
+msgstr ""
+
+#: ../../docstring 07641c93932b45f4a7b2b98f6761fa98
+#: canaille.oidc.basemodels.Client.client_secret_expires_at:3 of
+msgid ""
+"Time at which the client secret will expire or 0 if it will not expire.  "
+"The time is represented as the number of seconds from "
+"1970-01-01T00:00:00Z as measured in UTC until the date/time of "
+"expiration."
+msgstr ""
+
+#: ../../docstring 00ecf7b29a6241ab8cc7f8480cc13729
+#: canaille.oidc.basemodels.Client.client_uri:1 of
+msgid "URL string of a web page providing information about the client."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.client_uri:3
+#: df7fc4a043c14b4d8822ebb2d2ef8f32 of
+msgid ""
+"If present, the server SHOULD display this URL to the end-user in a "
+"clickable fashion.  It is RECOMMENDED that clients always send this "
+"field.  The value of this field MUST point to a valid web page.  The "
+"value of this field MAY be internationalized, as described in Section "
+"2.2."
+msgstr ""
+
+#: ../../docstring 19d18f0b6e0b430fad3a38ccadcbec70
+#: canaille.oidc.basemodels.Client.contacts:1 of
+msgid ""
+"Array of strings representing ways to contact people responsible for this"
+" client, typically email addresses."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.contacts:4
+#: fe619b319fd54f0e9f6a3b61b19545e8 of
+msgid ""
+"The authorization server MAY make these contact addresses available to "
+"end-users for support requests for the client.  See Section 6 for "
+"information on Privacy Considerations."
+msgstr ""
+
+#: ../../docstring 90b56e1723dd4c049ab3a6f560d33a87
+#: canaille.oidc.basemodels.Client.grant_types:1 of
+msgid ""
+"Array of OAuth 2.0 grant type strings that the client can use at the "
+"token endpoint.  These grant types are defined as follows:"
+msgstr ""
+
+#: ../../docstring 5873bfc5a02b48a29bf739b576f71410
+#: canaille.oidc.basemodels.Client.grant_types:4 of
+msgid ""
+"\"authorization_code\": The authorization code grant type defined in "
+"OAuth 2.0, Section 4.1."
+msgstr ""
+
+#: ../../docstring 167a4b7521454d9c8d9852c06cc76155
+#: canaille.oidc.basemodels.Client.grant_types:7 of
+msgid "\"implicit\": The implicit grant type defined in OAuth 2.0, Section 4.2."
+msgstr ""
+
+#: ../../docstring b069ce3e42914633ae69a552557497af
+#: canaille.oidc.basemodels.Client.grant_types:10 of
+msgid ""
+"\"password\": The resource owner password credentials grant type defined "
+"in OAuth 2.0, Section 4.3."
+msgstr ""
+
+#: ../../docstring c5923a28a3fb4d8eaa3f837afe9d4357
+#: canaille.oidc.basemodels.Client.grant_types:13 of
+msgid ""
+"\"client_credentials\": The client credentials grant type defined in "
+"OAuth 2.0, Section 4.4."
+msgstr ""
+
+#: ../../docstring 07d597d9e6a84f94a8152e04d1eedf38
+#: canaille.oidc.basemodels.Client.grant_types:16 of
+msgid ""
+"\"refresh_token\": The refresh token grant type defined in OAuth 2.0, "
+"Section 6."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.grant_types:19
+#: cf54246868494647903b6b790ddac962 of
+msgid ""
+"\"urn:ietf:params:oauth:grant-type:jwt-bearer\": The JWT Bearer Token "
+"Grant Type defined in OAuth JWT Bearer Token Profiles [RFC7523]."
+msgstr ""
+
+#: ../../docstring a6d3ab8808914df3b7a5e1c747f03b64
+#: canaille.oidc.basemodels.Client.grant_types:23 of
+msgid ""
+"\"urn:ietf:params:oauth:grant-type:saml2-bearer\": The SAML 2.0 Bearer "
+"Assertion Grant defined in OAuth SAML 2 Bearer Token Profiles [RFC7522]."
+msgstr ""
+
+#: ../../docstring 2de10f7660364aab907a404d9245c9af
+#: canaille.oidc.basemodels.Client.grant_types:27 of
+msgid ""
+"If the token endpoint is used in the grant type, the value of this "
+"parameter MUST be the same as the value of the \"grant_type\" parameter "
+"passed to the token endpoint defined in the grant type definition.  "
+"Authorization servers MAY allow for other values as defined in the grant "
+"type extension process described in OAuth 2.0, Section 4.5.  If omitted, "
+"the default behavior is that the client will use only the "
+"\"authorization_code\" Grant Type."
+msgstr ""
+
+#: ../../docstring b5bd2dd5cc7c46f1b61f0cfda03150bb
+#: canaille.oidc.basemodels.Client.jwk:1 of
+msgid ""
+"Client's JSON Web Key Set [RFC7517] document value, which contains the "
+"client's public keys."
+msgstr ""
+
+#: ../../docstring 9bab75b252bc414e9634643834bf50c8
+#: canaille.oidc.basemodels.Client.jwk:4 of
+msgid ""
+"The value of this field MUST be a JSON object containing a valid JWK Set."
+"  These keys can be used by higher-level protocols that use signing or "
+"encryption.  This parameter is intended to be used by clients that cannot"
+" use the \"jwks_uri\" parameter, such as native clients that cannot host "
+"public URLs.  The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be "
+"present in the same request or response."
+msgstr ""
+
+#: ../../docstring 57578f71f8f54719934081048136176d
+#: canaille.oidc.basemodels.Client.jwks_uri:1 of
+msgid ""
+"URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] "
+"document, which contains the client's public keys."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.jwks_uri:4
+#: f740381df0634148950cc7fed3b62285 of
+msgid ""
+"The value of this field MUST point to a valid JWK Set document. These "
+"keys can be used by higher-level protocols that use signing or "
+"encryption.  For instance, these keys might be used by some applications "
+"for validating signed requests made to the token endpoint when using JWTs"
+" for client authentication [RFC7523].  Use of this parameter is preferred"
+" over the \"jwks\" parameter, as it allows for easier key rotation.  The "
+"\"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same"
+" request or response."
+msgstr ""
+
+#: ../../docstring 398cacd6dae7426c896accbef1b05031
+#: canaille.oidc.basemodels.Client.logo_uri:1 of
+msgid "URL string that references a logo for the client."
+msgstr ""
+
+#: ../../docstring b54bb5d58c8b4590a5780f56de3684fc
+#: canaille.oidc.basemodels.Client.logo_uri:3 of
+msgid ""
+"If present, the server SHOULD display this image to the end-user during "
+"approval. The value of this field MUST point to a valid image file.  The "
+"value of this field MAY be internationalized, as described in Section "
+"2.2."
+msgstr ""
+
+#: ../../docstring 7b8c071af0e541b4a1cd23ccab94537c
+#: canaille.oidc.basemodels.Client.policy_uri:1 of
+msgid ""
+"URL string that points to a human-readable privacy policy document that "
+"describes how the deployment organization collects, uses, retains, and "
+"discloses personal data."
+msgstr ""
+
+#: ../../docstring 0d53a7af1fe74511bb2cffa04042c471
+#: 4930f030916748c3a07eb59f0466950f
+#: canaille.oidc.basemodels.Client.policy_uri:5
+#: canaille.oidc.basemodels.Client.tos_uri:5 of
+msgid ""
+"The authorization server SHOULD display this URL to the end-user if it is"
+" provided.  The value of this field MUST point to a valid web page.  The "
+"value of this field MAY be internationalized, as described in Section "
+"2.2."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.post_logout_redirect_uris:3
+#: ff29a92b953f491e8c9d916adbffffa3 of
+msgid ""
+"Array of URLs supplied by the RP to which it MAY request that the End-"
+"User's User Agent be redirected using the post_logout_redirect_uri "
+"parameter after a logout has been performed. These URLs SHOULD use the "
+"https scheme and MAY contain port, path, and query parameter components; "
+"however, they MAY use the http scheme, provided that the Client Type is "
+"confidential, as defined in Section 2.1 of OAuth 2.0 [RFC6749], and "
+"provided the OP allows the use of http RP URIs."
+msgstr ""
+
+#: ../../docstring 2741c91c5c934f318d4268fc9848e2cc
+#: canaille.oidc.basemodels.Client.redirect_uris:1 of
+msgid ""
+"Array of redirection URI strings for use in redirect-based flows such as "
+"the authorization code and implicit flows."
+msgstr ""
+
+#: ../../docstring 5f7e65eb067c4b819749078240746df7
+#: canaille.oidc.basemodels.Client.redirect_uris:4 of
+msgid ""
+"As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with"
+" redirection MUST register their redirection URI values. Authorization "
+"servers that support dynamic registration for redirect-based flows MUST "
+"implement support for this metadata value."
+msgstr ""
+
+#: ../../docstring 54d3901cbefe4700bd6b94c8f20b8984
+#: canaille.oidc.basemodels.Client.response_types:1 of
+msgid ""
+"Array of the OAuth 2.0 response type strings that the client can use at "
+"the authorization endpoint.  These response types are defined as follows:"
+msgstr ""
+
+#: ../../docstring 0f5f76aef1d5434bbb01e66b6b427c17
+#: canaille.oidc.basemodels.Client.response_types:5 of
+msgid ""
+"\"code\": The authorization code response type defined in OAuth 2.0, "
+"Section 4.1."
+msgstr ""
+
+#: ../../docstring 5ba120e7f7d64db498c53f4fcedbcdc1
+#: canaille.oidc.basemodels.Client.response_types:8 of
+msgid "\"token\": The implicit response type defined in OAuth 2.0, Section 4.2."
+msgstr ""
+
+#: ../../docstring 9c7d0bdc0f0240a38535d2575a44ff9c
+#: canaille.oidc.basemodels.Client.response_types:11 of
+msgid ""
+"If the authorization endpoint is used by the grant type, the value of "
+"this parameter MUST be the same as the value of the \"response_type\" "
+"parameter passed to the authorization endpoint defined in the grant type "
+"definition.  Authorization servers MAY allow for other values as defined "
+"in the grant type extension process is described in OAuth 2.0, Section "
+"4.5.  If omitted, the default is that the client will use only the "
+"\"code\" response type."
+msgstr ""
+
+#: ../../docstring ac1eac1d27b642d8a7cebbf513181629
+#: canaille.oidc.basemodels.Client.scope:1 of
+msgid ""
+"String containing a space-separated list of scope values (as described in"
+" Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when "
+"requesting access tokens."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.scope:5
+#: d960080bf7574b5283c226b0ab2b9372 of
+msgid ""
+"The semantics of values in this list are service specific.  If omitted, "
+"an authorization server MAY register a client with a default set of "
+"scopes."
+msgstr ""
+
+#: ../../docstring canaille.oidc.basemodels.Client.software_id:1
+#: d1f72b9bc83c41bb88c7ffcf09937ce5 of
+msgid ""
+"A unique identifier string (e.g., a Universally Unique Identifier (UUID))"
+" assigned by the client developer or software publisher used by "
+"registration endpoints to identify the client software to be dynamically "
+"registered."
+msgstr ""
+
+#: ../../docstring a94bd506bcb84e018b965df1597fb0b1
+#: canaille.oidc.basemodels.Client.software_id:6 of
+msgid ""
+"Unlike \"client_id\", which is issued by the authorization server and "
+"SHOULD vary between instances, the \"software_id\" SHOULD remain the same"
+" for all instances of the client software.  The \"software_id\" SHOULD "
+"remain the same across multiple updates or versions of the same piece of "
+"software.  The value of this field is not intended to be human readable "
+"and is usually opaque to the client and authorization server."
+msgstr ""
+
+#: ../../docstring 0ae66a5b4e724bd8b4f80cc69f3fd44b
+#: canaille.oidc.basemodels.Client.software_version:1 of
+msgid ""
+"A version identifier string for the client software identified by "
+"\"software_id\"."
+msgstr ""
+
+#: ../../docstring 59f8fb95a6ec452bba957f87795edec6
+#: canaille.oidc.basemodels.Client.software_version:4 of
+msgid ""
+"The value of the \"software_version\" SHOULD change on any update to the "
+"client software identified by the same \"software_id\".  The value of "
+"this field is intended to be compared using string equality matching and "
+"no other comparison semantics are defined by this specification.  The "
+"value of this field is outside the scope of this specification, but it is"
+" not intended to be human readable and is usually opaque to the client "
+"and authorization server.  The definition of what constitutes an update "
+"to client software that would trigger a change to this value is specific "
+"to the software itself and is outside the scope of this specification."
+msgstr ""
+
+#: ../../docstring 0c628b480a714a86b406cd36d8d80275
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:1 of
+msgid ""
+"String indicator of the requested authentication method for the token "
+"endpoint.  Values defined by this specification are:"
+msgstr ""
+
+#: ../../docstring 546228d2e7e54942a2ae632997ab67c6
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:4 of
+msgid ""
+"\"none\": The client is a public client as defined in OAuth 2.0, Section "
+"2.1, and does not have a client secret."
+msgstr ""
+
+#: ../../docstring 73c66cc275a34ba68ee43b9fb40c21f5
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:7 of
+msgid ""
+"\"client_secret_post\": The client uses the HTTP POST parameters as "
+"defined in OAuth 2.0, Section 2.3.1."
+msgstr ""
+
+#: ../../docstring 084496ca247d426c8e295865ee194907
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:10 of
+msgid ""
+"\"client_secret_basic\": The client uses HTTP Basic as defined in OAuth "
+"2.0, Section 2.3.1."
+msgstr ""
+
+#: ../../docstring 6c77b2e92a9242a1a1ac779a50a6b959
+#: canaille.oidc.basemodels.Client.token_endpoint_auth_method:13 of
+msgid ""
+"Additional values can be defined via the IANA \"OAuth Token Endpoint "
+"Authentication Methods\" registry established in Section 4.2.  Absolute "
+"URIs can also be used as values for this parameter without being "
+"registered.  If unspecified or omitted, the default is "
+"\"client_secret_basic\", denoting the HTTP Basic authentication scheme as"
+" specified in Section 2.3.1 of OAuth 2.0."
+msgstr ""
+
+#: ../../docstring 36417da6c2f44c7e92cae7cb3f0ba7cb
+#: canaille.oidc.basemodels.Client.tos_uri:1 of
+msgid ""
+"URL string that points to a human-readable terms of service document for "
+"the client that describes a contractual relationship between the end-user"
+" and the client that the end-user accepts when authorizing the client."
+msgstr ""
+
+#: canaille.oidc.basemodels.Consent:1 f160b96459c64852b6038a5bede57527 of
+msgid "Long-term user consent to an application."
+msgstr ""
+
+#: 3be00302014441608d644b1a2a2de130 canaille.oidc.basemodels.Token:1 of
+msgid "OpenID Connect token definition."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/tutorial.po b/doc/locales/fr_FR/LC_MESSAGES/tutorial.po
new file mode 100644
index 00000000..886d3d8c
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/tutorial.po
@@ -0,0 +1,466 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:35+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/tutorial/databases.rst:2
+msgid "Databases"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:4
+msgid ""
+"Canaille can read and save data in different databases. This page "
+"presents the different database backends and their specificities:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:8
+msgid "Memory"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:10
+msgid ""
+"Canaille comes with a lightweight inmemory backend by default. It is used"
+" when no other backend has been configured."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:13
+msgid ""
+"This backend is only for test purpose and should not be used in "
+"production environments."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:16
+msgid "SQL"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:18
+msgid ""
+"Canaille can use any database supported by `SQLAlchemy "
+"<https://www.sqlalchemy.org/>`_, such as sqlite, postgresql or mariadb."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:21
+msgid ""
+"It is used when the ``CANAILLE_SQL`` configuration parameter is defined. "
+"For instance:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:23 ../../doc/tutorial/databases.rst:37
+msgid "config.toml"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:29
+msgid ""
+"You can find more details on the SQL configuration in the "
+":class:`dedicated section "
+"<canaille.backends.sql.configuration.SQLSettings>`."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:32
+msgid "LDAP"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:34
+msgid ""
+"Canaille can use OpenLDAP as its main database. It is used when the "
+"``CANAILLE_LDAP`` configuration parameter is defined. For instance:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:52
+msgid ""
+"You can find more details on the LDAP configuration in the "
+":class:`dedicated section "
+"<canaille.backends.ldap.configuration.LDAPSettings>`."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:55
+msgid ""
+"Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have "
+"been tested. If you want to use different schemas or LDAP servers, "
+"adaptations may be needed. Patches are welcome."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:60
+msgid "OpenLDAP overlays integration"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:62
+msgid "Canaille can integrate with several OpenLDAP overlays:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:65
+msgid "memberof / refint"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:67
+#, python-format
+msgid ""
+"`memberof "
+"<https://www.openldap.org/doc/admin26/overlays.html#Reverse%20Group%20Membership%20Maintenance>`_"
+" and `refint "
+"<https://www.openldap.org/doc/admin26/overlays.html#Referential%20Integrity>`_"
+" overlays are needed for the Canaille group membership to work correctly."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:71 ../../doc/tutorial/databases.rst:94
+msgid "Here is a configuration example compatible with canaille:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:73
+msgid "memberof-config.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:77
+msgid "refint-config.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:81 ../../doc/tutorial/databases.rst:104
+msgid "You can adapt and load those configuration files with:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:90
+msgid "ppolicy"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:92
+msgid ""
+"If the `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-"
+"password-policy-11.html>`_ overlay is configured and the ``pwdEndTime`` "
+"attribute is available (since OpenLDAP 2.6), then account locking support"
+" will be enabled in canaille. To allow users to manage account "
+"expiration, they need to have a *write* permission on the "
+":attr:`~canaille.core.models.User.lock_date` attribute."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:96
+msgid "ppolicy-config.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:100
+msgid "ppolicy.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:2
+msgid "Deployment"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:5
+msgid "Application service"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:7
+msgid ""
+"After having finished Canaille installation you have to run it in a WSGI "
+"application server. Here are some WSGI server configuration examples you "
+"can pick. Do not forget to update the paths."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:11
+msgid "gunicorn"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:13
+msgid "Todo"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:15
+msgid "Write a gunicorn configuration sample file."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:18
+msgid "uwsgi"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:42
+msgid "Webserver"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:44
+msgid ""
+"Now you have to plug your WSGI application server to your webserver so it"
+" is accessible on the internet. Here are some webserver configuration "
+"examples you can pick:"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:48
+msgid "Nginx"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:114
+msgid "Apache"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:153
+msgid "Recurrent jobs"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:155
+msgid ""
+"You might want to clean up your database to avoid it growing too much. "
+"You can regularly delete expired tokens and authorization codes with:"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:164
+msgid "Webfinger"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:166
+msgid ""
+"You may want to configure a `WebFinger`_ endpoint on your main website to"
+" allow the automatic discovery of your Canaille installation based on the"
+" account name of one of your users. For instance, suppose your domain is "
+"``mydomain.example`` and your Canaille domain is "
+"``auth.mydomain.example`` and there is a user ``john.doe``. A third-party"
+" application could require to authenticate the user and ask them for a "
+"user account. The user would give their account "
+"``john.doe@mydomain.example``, then the application would perform a "
+"WebFinger request at ``https://mydomain.example/.well-known/webfinger`` "
+"and the response would contain the address of the authentication server "
+"``https://auth.mydomain.example``. With this information the third party "
+"application can redirect the user to the Canaille authentication page."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:168
+msgid ""
+"The difficulty here is that the WebFinger endpoint must be hosted at the "
+"top-level domain (i.e. ``mydomain.example``) while the authentication "
+"server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). "
+"Canaille provides a WebFinger endpoint, but if it is not hosted at the "
+"top-level domain, a web redirection is required on the ``/.well-"
+"known/webfinger`` path."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:170
+msgid "Here are configuration examples for Nginx or Apache:"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:172
+msgid "Nginx webfinger configuration for a top level domain"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:181
+msgid "Apache webfinger configuration for a top level domain"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:191
+msgid "Create the first user"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:193
+msgid ""
+"Once canaille is installed, soon enough you will need to add users. To "
+"create your first user you can use the :ref:`canaille create "
+"<cli_create>` CLI."
+msgstr ""
+
+#: ../../doc/tutorial/index.rst:2
+msgid "Tutorial"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:2
+msgid "Installation"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:6
+msgid ""
+"Canaille is under heavy development and may not fit a production "
+"environment yet."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:8
+msgid ""
+"The installation of canaille consist in several steps, some of which you "
+"can do manually or with command line tool:"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:11
+msgid "Get the code"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:13
+msgid ""
+"As the moment there is no distribution package for canaille. However, it "
+"can be installed with the ``pip`` package manager. Let us choose a place "
+"for the canaille environment, like ``/opt/canaille/env``."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:24
+msgid "Extras"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:26
+msgid "Canaille provides different package options:"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:28
+msgid "`front` provides all the things needed to produce the user interface;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:29
+msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:30
+msgid "`ldap` provides the dependencies to enable the LDAP backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:31
+msgid "`sqlite` provides the dependencies to enable the SQLite backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:32
+msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:33
+msgid "`mysql` provides the dependencies to enable the MySQL backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:34
+msgid "`sentry` provides sentry integration to watch Canaille exceptions;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:35
+msgid "`all` provides all the extras above."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:37
+msgid "They can be installed with:"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:44
+msgid "Configure"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:46
+msgid ""
+"Choose a path where to store your configuration file. You can pass any "
+"configuration path with the ``CONFIG`` environment variable."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:54
+msgid ""
+"You should then edit your configuration file to adapt the values to your "
+"needs. Look at the configuration details in the :doc:`configuration "
+"<../references/configuration>` page."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:57
+msgid "Install"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:59
+msgid ""
+"The :ref:`install command <cli_install>` will apply most of the things "
+"needed to get Canaille working. Depending on the configured "
+":doc:`database <databases>` it will create the SQL tables, or install the"
+" LDAP schemas for instance."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:68
+msgid "Check"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:70
+msgid ""
+"After a manual installation, you can check your configuration file using "
+"the :ref:`check command <cli_install>`:"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:2
+msgid "Troubleshooting"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:5
+msgid "The web interface throws useless error messages"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:7
+msgid ""
+"Unless the current user has admin :class:`permissions "
+"<canaille.core.configuration.Permission>`, or the installation is in "
+":attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error "
+"messages won't be too technical. For instance, you can see *The request "
+"you made is invalid*. To enable detailed error messages, you can "
+"**temporarily** enable the "
+":attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration "
+"parameter."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:12
+msgid "How to manually install LDAP schemas?"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:16
+msgid ""
+"Schema installation can be automatically done using the :ref:`install "
+"command <cli_install>`."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:18
+msgid "As of OpenLDAP 2.4, two configuration methods are available:"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:20
+msgid ""
+"The `deprecated <https://www.openldap.org/doc/admin26/slapdconf2.html>`_ "
+"one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:21
+msgid ""
+"The new one, based on a configuration directory (generally "
+"``/etc/ldap/slapd.d``)."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:23
+msgid ""
+"Depending on the configuration method you use with your OpenLDAP "
+"installation, you need to chose how to add the canaille schemas:"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:26
+msgid "Old fashion: Copy the schemas in your filesystem"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:35
+msgid "New fashion: Use slapadd to add the schemas"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:37
+msgid "Be careful to stop your ldap server before running ``slapadd``"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:46
+msgid "How to manually generate the OIDC keypair?"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:50
+msgid ""
+"The keypair generation can be automatically done using the :ref:`install "
+"command <cli_install>`."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:52
+msgid ""
+"Canaille needs a key pair to sign OIDC tokens. You can customize those "
+"commands, as long as they match the ``JWT`` section of your configuration"
+" file."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/tutorial/databases.po b/doc/locales/fr_FR/LC_MESSAGES/tutorial/databases.po
new file mode 100644
index 00000000..4c58d290
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/tutorial/databases.po
@@ -0,0 +1,161 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/tutorial/databases.rst:2 13be28a98aa44e67ad2da068019679b0
+msgid "Databases"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:4 34d3c5ad89ca430a847e45d05e2f5019
+msgid ""
+"Canaille can read and save data in different databases. This page "
+"presents the different database backends and their specificities:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:8 2e496b7a0aee4d17b567eb4dc478ea17
+msgid "Memory"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:10 ceb74ab4c8774778844a94ed861484f0
+msgid ""
+"Canaille comes with a lightweight inmemory backend by default. It is used"
+" when no other backend has been configured."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:13 81d31cff81344214af9be762d9e2d86b
+msgid ""
+"This backend is only for test purpose and should not be used in "
+"production environments."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:16 230473fa22cf4e1ea512779b93a88d50
+msgid "SQL"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:18 cbb94e64da22446d94826e4b2d8aa841
+msgid ""
+"Canaille can use any database supported by `SQLAlchemy "
+"<https://www.sqlalchemy.org/>`_, such as sqlite, postgresql or mariadb."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:21 f1512d513bd543719e9fc2b41a002ec4
+msgid ""
+"It is used when the ``CANAILLE_SQL`` configuration parameter is defined. "
+"For instance:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:23 ../../doc/tutorial/databases.rst:37
+#: 1652808637864b219ffc895ff0b385e2 26343cfad8b1468e857c9af6a929296f
+msgid "config.toml"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:29 20d5bb9612194746981991360681be81
+msgid ""
+"You can find more details on the SQL configuration in the "
+":class:`dedicated section "
+"<canaille.backends.sql.configuration.SQLSettings>`."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:32 7666e750708b4faa8ed74fbe9dd71455
+msgid "LDAP"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:34 d76fc51f518344c1ad042668dc0f6f7f
+msgid ""
+"Canaille can use OpenLDAP as its main database. It is used when the "
+"``CANAILLE_LDAP`` configuration parameter is defined. For instance:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:52 343f1bb31591486da7186300d79ff254
+msgid ""
+"You can find more details on the LDAP configuration in the "
+":class:`dedicated section "
+"<canaille.backends.ldap.configuration.LDAPSettings>`."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:55 61cd64aa6b24444eb95c7b328a9bb80a
+msgid ""
+"Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have "
+"been tested. If you want to use different schemas or LDAP servers, "
+"adaptations may be needed. Patches are welcome."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:60 2945818fe9854775be50bbbe9bd4920c
+msgid "OpenLDAP overlays integration"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:62 a37ceed58a974812bf0449864b97bc36
+msgid "Canaille can integrate with several OpenLDAP overlays:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:65 d6b79a05710643b5ac394738613ef6d7
+msgid "memberof / refint"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:67 5afe1236e936402584f1478f77e90a8c
+#, python-format
+msgid ""
+"`memberof "
+"<https://www.openldap.org/doc/admin26/overlays.html#Reverse%20Group%20Membership%20Maintenance>`_"
+" and `refint "
+"<https://www.openldap.org/doc/admin26/overlays.html#Referential%20Integrity>`_"
+" overlays are needed for the Canaille group membership to work correctly."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:71 ../../doc/tutorial/databases.rst:94
+#: 43fe5b2a235e4e779a591dfb57e5bd9f 7cadb14c4e324d4d82eaa6503a4f7d5c
+msgid "Here is a configuration example compatible with canaille:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:73 f4492ab7254f48958441eb03ee6cafa0
+msgid "memberof-config.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:77 5a5c78def64b4d699a257b2e407b9c9d
+msgid "refint-config.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:81 ../../doc/tutorial/databases.rst:104
+#: 211625cc561840cfa82975d79ca478ef c4486a215813426b82fcc0d4fecd212b
+msgid "You can adapt and load those configuration files with:"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:90 b123a4b628d84343858da2932e77fbfc
+msgid "ppolicy"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:92 6e77957f1af14258a453f712e7e4b5ce
+msgid ""
+"If the `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-"
+"password-policy-11.html>`_ overlay is configured and the ``pwdEndTime`` "
+"attribute is available (since OpenLDAP 2.6), then account locking support"
+" will be enabled in canaille. To allow users to manage account "
+"expiration, they need to have a *write* permission on the "
+":attr:`~canaille.core.models.User.lock_date` attribute."
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:96 25a6006c6ec0431d9a6e5e979aedf2c6
+msgid "ppolicy-config.ldif"
+msgstr ""
+
+#: ../../doc/tutorial/databases.rst:100 84603122ff0c46c7b8f149e8af826433
+msgid "ppolicy.ldif"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/tutorial/deployment.po b/doc/locales/fr_FR/LC_MESSAGES/tutorial/deployment.po
new file mode 100644
index 00000000..f1cd231e
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/tutorial/deployment.po
@@ -0,0 +1,134 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/tutorial/deployment.rst:2 ae73f16a212144ffa313290a207b141f
+msgid "Deployment"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:5 35937b9f04b4457f937ec96e1ba29caf
+msgid "Application service"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:7 9e7fd12c32644a11b26be30abdb8fbb9
+msgid ""
+"After having finished Canaille installation you have to run it in a WSGI "
+"application server. Here are some WSGI server configuration examples you "
+"can pick. Do not forget to update the paths."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:11 113eacd3942647f4a67709d106074aae
+msgid "gunicorn"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:13 49056a8d4181451b9d442e040ef58134
+msgid "Todo"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:15 ab8cb26415874d7dac41d27e0fd09196
+msgid "Write a gunicorn configuration sample file."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:18 275e76607f394394925fd8e72baa1bdd
+msgid "uwsgi"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:42 7dd0c119f3ca4d34af4b365848855c7e
+msgid "Webserver"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:44 2642973dba1e4c229c8cafd6b53d1e2e
+msgid ""
+"Now you have to plug your WSGI application server to your webserver so it"
+" is accessible on the internet. Here are some webserver configuration "
+"examples you can pick:"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:48 6e1d1fb0d1de408da0f959d2dda936fd
+msgid "Nginx"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:114 271a543d8077413c8450cb62d811cd49
+msgid "Apache"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:153 468c9bd93bf94365a1e7203d93fa1654
+msgid "Recurrent jobs"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:155 d3f3c6197cdd4664a013462aaea3d735
+msgid ""
+"You might want to clean up your database to avoid it growing too much. "
+"You can regularly delete expired tokens and authorization codes with:"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:164 503958ca36f24b0f96d906166e54b4eb
+msgid "Webfinger"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:166 4c4d784e493a44e082095fa18c278023
+msgid ""
+"You may want to configure a `WebFinger`_ endpoint on your main website to"
+" allow the automatic discovery of your Canaille installation based on the"
+" account name of one of your users. For instance, suppose your domain is "
+"``mydomain.example`` and your Canaille domain is "
+"``auth.mydomain.example`` and there is a user ``john.doe``. A third-party"
+" application could require to authenticate the user and ask them for a "
+"user account. The user would give their account "
+"``john.doe@mydomain.example``, then the application would perform a "
+"WebFinger request at ``https://mydomain.example/.well-known/webfinger`` "
+"and the response would contain the address of the authentication server "
+"``https://auth.mydomain.example``. With this information the third party "
+"application can redirect the user to the Canaille authentication page."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:168 8b5733a39b024333812a79f6415a2d7f
+msgid ""
+"The difficulty here is that the WebFinger endpoint must be hosted at the "
+"top-level domain (i.e. ``mydomain.example``) while the authentication "
+"server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). "
+"Canaille provides a WebFinger endpoint, but if it is not hosted at the "
+"top-level domain, a web redirection is required on the ``/.well-"
+"known/webfinger`` path."
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:170 004318975e4d42f9b9df8a4bd60b702e
+msgid "Here are configuration examples for Nginx or Apache:"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:172 7654879ea9db4641898c7d3d54743625
+msgid "Nginx webfinger configuration for a top level domain"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:181 c853d3e4d63943a587bd51261c17fea9
+msgid "Apache webfinger configuration for a top level domain"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:191 e4ab313e4d6744fda9814e13e6921bed
+msgid "Create the first user"
+msgstr ""
+
+#: ../../doc/tutorial/deployment.rst:193 4586783257664fe8b2d4ca1a1b56585f
+msgid ""
+"Once canaille is installed, soon enough you will need to add users. To "
+"create your first user you can use the :ref:`canaille create "
+"<cli_create>` CLI."
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/tutorial/index.po b/doc/locales/fr_FR/LC_MESSAGES/tutorial/index.po
new file mode 100644
index 00000000..5d41a726
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/tutorial/index.po
@@ -0,0 +1,25 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/tutorial/index.rst:2 33f796e322b4451abd546832196ba97a
+msgid "Tutorial"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/tutorial/install.po b/doc/locales/fr_FR/LC_MESSAGES/tutorial/install.po
new file mode 100644
index 00000000..9b53123b
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/tutorial/install.po
@@ -0,0 +1,131 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/tutorial/install.rst:2 b59e204f09ac48f492b7ef7bcff6ed98
+msgid "Installation"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:6 f99a48aee6984df9af6e2ad5347ffa8b
+msgid ""
+"Canaille is under heavy development and may not fit a production "
+"environment yet."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:8 3fcf21bae744418ea435e09abb6b6f66
+msgid ""
+"The installation of canaille consist in several steps, some of which you "
+"can do manually or with command line tool:"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:11 3bd6c3c41fcd4b0bb8c3f0059f55411c
+msgid "Get the code"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:13 0d6d6b5d40714920a8ca25b145d1e568
+msgid ""
+"As the moment there is no distribution package for canaille. However, it "
+"can be installed with the ``pip`` package manager. Let us choose a place "
+"for the canaille environment, like ``/opt/canaille/env``."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:24 681b57e7aae841408d6fa27aace13c4f
+msgid "Extras"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:26 6da6e156d7794a87845411e6d5fd0715
+msgid "Canaille provides different package options:"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:28 698250951765438faba672f8a3ac0ac3
+msgid "`front` provides all the things needed to produce the user interface;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:29 f4c143c1e2a04213bffeca345be71dd7
+msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:30 65190b5b12d44ba78da8de94f10f75eb
+msgid "`ldap` provides the dependencies to enable the LDAP backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:31 717175ded51a448aa8dee2d5858e2dc1
+msgid "`sqlite` provides the dependencies to enable the SQLite backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:32 03fe8dbedce84ffeb777a09b324c4a37
+msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:33 cdf98e8f28654e60a1f148ffcc82b212
+msgid "`mysql` provides the dependencies to enable the MySQL backend;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:34 41ae127f217d4408a769a03f744277ff
+msgid "`sentry` provides sentry integration to watch Canaille exceptions;"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:35 e6018990bd354799b4d78bd2ff1e5511
+msgid "`all` provides all the extras above."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:37 bf0755d51529446887714d41b0bc99cd
+msgid "They can be installed with:"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:44 a1915e091b694983b8c9e0718492f3b0
+msgid "Configure"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:46 bd3950b464614404a89bec231f6944d5
+msgid ""
+"Choose a path where to store your configuration file. You can pass any "
+"configuration path with the ``CONFIG`` environment variable."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:54 3fc38f1d84e340a48a5009fe5204df38
+msgid ""
+"You should then edit your configuration file to adapt the values to your "
+"needs. Look at the configuration details in the :doc:`configuration "
+"<../references/configuration>` page."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:57 a1b9b7f8f97749a195ec325b70a5e3b4
+msgid "Install"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:59 a4718a66711141cf8951f1db8cc14a0a
+msgid ""
+"The :ref:`install command <cli_install>` will apply most of the things "
+"needed to get Canaille working. Depending on the configured "
+":doc:`database <databases>` it will create the SQL tables, or install the"
+" LDAP schemas for instance."
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:68 b4ac66f046dd462882bff4bede7c3857
+msgid "Check"
+msgstr ""
+
+#: ../../doc/tutorial/install.rst:70 d64b4d582c434a3d95382a11911ff4d7
+msgid ""
+"After a manual installation, you can check your configuration file using "
+"the :ref:`check command <cli_install>`:"
+msgstr ""
+
diff --git a/doc/locales/fr_FR/LC_MESSAGES/tutorial/troubleshooting.po b/doc/locales/fr_FR/LC_MESSAGES/tutorial/troubleshooting.po
new file mode 100644
index 00000000..a709684d
--- /dev/null
+++ b/doc/locales/fr_FR/LC_MESSAGES/tutorial/troubleshooting.po
@@ -0,0 +1,102 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2024, Yaal Coop
+# This file is distributed under the same license as the canaille package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: canaille 0.0.56\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-11-22 15:37+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language: fr_FR\n"
+"Language-Team: fr_FR <LL@li.org>\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.16.0\n"
+
+#: ../../doc/tutorial/troubleshooting.rst:2 ce37b77d21724400acbd80e265a4ac54
+msgid "Troubleshooting"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:5 0c6a32db27d64339a9abdadb2cbb407e
+msgid "The web interface throws useless error messages"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:7 b2fa75eb63c74b3f8da9c6a0c900e358
+msgid ""
+"Unless the current user has admin :class:`permissions "
+"<canaille.core.configuration.Permission>`, or the installation is in "
+":attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error "
+"messages won't be too technical. For instance, you can see *The request "
+"you made is invalid*. To enable detailed error messages, you can "
+"**temporarily** enable the "
+":attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration "
+"parameter."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:12 5bb67c25df7941c8a4e6986a24df3e17
+msgid "How to manually install LDAP schemas?"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:16 d37ddcef8efa4a45bf43d91bae3df68a
+msgid ""
+"Schema installation can be automatically done using the :ref:`install "
+"command <cli_install>`."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:18 876a00863ba444f79f41613dcc59d7fe
+msgid "As of OpenLDAP 2.4, two configuration methods are available:"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:20 a127193eeb824165901ce7fa3db06052
+msgid ""
+"The `deprecated <https://www.openldap.org/doc/admin26/slapdconf2.html>`_ "
+"one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:21 fbad067339a546e993f5e244136f4742
+msgid ""
+"The new one, based on a configuration directory (generally "
+"``/etc/ldap/slapd.d``)."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:23 3a21e5904bab4c8d91739b12ee4c82a4
+msgid ""
+"Depending on the configuration method you use with your OpenLDAP "
+"installation, you need to chose how to add the canaille schemas:"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:26 4b537fceb6554f588635a7bc5e09a63e
+msgid "Old fashion: Copy the schemas in your filesystem"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:35 15ed45a91e074ec1b677c5682212c20d
+msgid "New fashion: Use slapadd to add the schemas"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:37 295f1424bd904942bb28064cd696b85a
+msgid "Be careful to stop your ldap server before running ``slapadd``"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:46 dd05d2ab930743b19e40359b27c22652
+msgid "How to manually generate the OIDC keypair?"
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:50 a5c7b03ca6c44029bf326dc44be3c7e5
+msgid ""
+"The keypair generation can be automatically done using the :ref:`install "
+"command <cli_install>`."
+msgstr ""
+
+#: ../../doc/tutorial/troubleshooting.rst:52 0dd3ae7d46dc416dbec633b5e6e7b8ed
+msgid ""
+"Canaille needs a key pair to sign OIDC tokens. You can customize those "
+"commands, as long as they match the ``JWT`` section of your configuration"
+" file."
+msgstr ""
+
diff --git a/doc/locales/readme.rst b/doc/locales/readme.rst
new file mode 100644
index 00000000..c09a5fb7
--- /dev/null
+++ b/doc/locales/readme.rst
@@ -0,0 +1,29 @@
+Documentation translation
+Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/canaille>`_.
+
+The following commands are there as documentation, only the message extraction and the language addition is needed for contributors.
+
+Message extraction
+~~~~~~~~~~~~~~~~~~
+
+After you have edited translatable strings, you should extract the messages with:
+
+.. code-block:: bash
+
+    sphinx-build --builder gettext doc doc/gettext
+
+Language addition
+~~~~~~~~~~~~~~~~~
+
+You can add a new language manually with the following command, however this should not be needed as Weblate takes car of this:
+
+.. code-block:: bash
+
+    sphinx-intl update --pot-dir build/gettext --locale-dir doc/locales -l fr_FR
+
+Build the documentation in another language
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    sphinx-build --builder html --define language=fr_FR doc build/html/fr_FR
diff --git a/pyproject.toml b/pyproject.toml
index 94c47fa2..7a6fd2c7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -117,7 +117,6 @@ dev = [
 # https://peps.python.org/pep-0632/
     "setuptools >= 50.0.0; python_version>='3.12'"
 ]
-
 doc = [
     "autodoc-pydantic >= 2.0.1",
     "shibuya >= 2024.3.1",
@@ -125,8 +124,8 @@ doc = [
     "sphinx-design >= 0.6.0",
     "sphinx-issues >= 5.0.0",
     "sphinx-click >= 6.0.0",
+    "sphinx-intl>=2.3.0",
 ]
-
 demo = [
     "faker",
     "honcho",
diff --git a/uv.lock b/uv.lock
index 608fc5a1..0b3600b3 100644
--- a/uv.lock
+++ b/uv.lock
@@ -203,6 +203,7 @@ doc = [
     { name = "sphinx" },
     { name = "sphinx-click" },
     { name = "sphinx-design" },
+    { name = "sphinx-intl" },
     { name = "sphinx-issues" },
 ]
 
@@ -271,6 +272,7 @@ doc = [
     { name = "sphinx", specifier = ">=7.0.0" },
     { name = "sphinx-click", specifier = ">=6.0.0" },
     { name = "sphinx-design", specifier = ">=0.6.0" },
+    { name = "sphinx-intl", specifier = ">=2.3.0" },
     { name = "sphinx-issues", specifier = ">=5.0.0" },
 ]
 
@@ -1596,6 +1598,21 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/c6/43/65c0acbd8cc6f50195a3a1fc195c404988b15c67090e73c7a41a9f57d6bd/sphinx_design-0.6.1-py3-none-any.whl", hash = "sha256:b11f37db1a802a183d61b159d9a202314d4d2fe29c163437001324fe2f19549c", size = 2215338 },
 ]
 
+[[package]]
+name = "sphinx-intl"
+version = "2.3.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "babel" },
+    { name = "click" },
+    { name = "setuptools" },
+    { name = "sphinx" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/74/67/c7e73f8cf020db01d052d0507ba60fbd10eae018e47be8294a2cda5b940e/sphinx_intl-2.3.0.tar.gz", hash = "sha256:4ddc63be820c94e23393538cc3d4c31631acab7001b0052e4530ff5bf623af97", size = 24176 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/3e/b6/7ea313a6796d8a43f2a48fcb158230115789705b32e4d2358fcb74d8467c/sphinx_intl-2.3.0-py3-none-any.whl", hash = "sha256:d753168145035a1378715523e0203fbcfe350b574bfab4d7ae432b36d338b4cf", size = 13802 },
+]
+
 [[package]]
 name = "sphinx-issues"
 version = "5.0.0"