elf Pavlik
@elf-pavlik
jaxoncreed
@jaxoncreed
@justinwb sure. Point me to the resources to get started. Exactly where should it be? Should it follow the same structure (just updated for the new auth spec)?
jaxoncreed
@jaxoncreed
@justinwb where should I put this documentation?
i’m not too particular about one vs. another
not sure if anyone else has a preference?
Aaron Coburn
@acoburn
no strong preference. Seems like it would be nice to group the primer with the rest of the solid-oidc proposal (I think the GitHub action would need a bit of adjustment, though)
jaxoncreed
@jaxoncreed
Hey all, I created the detailed walkthrough as requested. Let me know if there are any inaccuracies: solid/authentication-panel#85
I also found a few places where the spec seemed confusing or contradictory so I opened a few issues on that as well: solid/authentication-panel#88 solid/authentication-panel#87 solid/authentication-panel#86
Justin Bingham
@justinwb
great @jaxoncreed :white_check_mark: will take a look before monday. are you able to make monday’s panel session to review with the group?
jaxoncreed
@jaxoncreed
Yeah! I’ll come monday
elf Pavlik
@elf-pavlik
:tada:
Aaron Coburn
@acoburn
@jaxoncreed thanks so much! There’s some great stuff there
naturzukunft
@naturzukunft_gitlab

Hi there, since a few weeks i plan to access my pod ;-) This oauth thing is driving me crazy.

To get the AccessToken i think i've to post something like that:

curl --location --request POST 'https://solidcommunity.net/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=https://naturzukunft.solidcommunity.net/profile/card#me' \
--data-urlencode 'code=xxxxxxxxxxx' \
--data-urlencode 'client_secret=https://naturzukunft.solidcommunity.net/profile/card#me' \
--data-urlencode 'redirect_uri=http://localhost:8080'

and the code seems to be the authorization token.

That i think can be fetched with something like that:

curl --location --request POST 'https://solidcommunity.net/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'response_type=code' \
--data-urlencode 'client_id=https://naturzukunft.solidcommunity.net/profile/card#me' \
--data-urlencode 'scope=create' \
--data-urlencode 'redirect_uri=localhost:8080/callback'

The second one says: 401 Unauthorized

do you want to save my weekend?
Thanks Fredy

matrixbot
@matrixbot
aveltens you cannot use your WebID as client_id, you may pass an application webID in the future, but this is currently not implemented yet afaik
aveltens use the client_id you got from client registration
aveltens also I am not sure if x-www-form-urlencoded will work. I had success POSTing application/json
matrixbot
@matrixbot
aveltens you will get a 302 Found with a Location Header in case of success
aveltens redirecting to the Login page
aveltens oh, and scope should be openid
aveltens at least this is what worked for me. But I am no expert in Solid-OIDC, so anybody please feel free to correct or complement me
naturzukunft
@naturzukunft_gitlab

so if i understand you correctly, that it is:

curl --location --request POST 'https://solidcommunity.net/authorize' \
--header 'Content-Type: application/json' \
--data-raw '{
"response_type":"code",
"client_id":"2ee6e1aebef0f7491462242faa45fd0b",
"scope":"openid",
"redirect_uri":"https://app.example/oidc_callback"
}
'
with this request here, i get the login HTML site. That is maybe correct, but i don't want to run in the browser ;-(

Aaron Coburn
@acoburn
With authorization code flow, a browser will need to be involved at some point. What might work for you is to request a scope of “openid offline_access” (provided that the identity server supports this scope). This will still involve an initial browser-based login process, but the token endpoint will deliver a refresh token. That refresh token can then be used indefinitely without any further browser interaction.
Sarven Capadisli
@csarven

Proposing agenda item for the next meeting (today): https://github.com/WICG/WebID/issues/41#issuecomment-716446481 (see rest of the repo for details on WICG's WebID re authentication space). There is a TPAC breakout session on WICG/WebID: https://www.w3.org/2020/10/TPAC/breakout-schedule.html#webid .

As said, we (Solid CG) should identify areas where there may be synergy with the WICG looking into "WebID".

Sarven Capadisli
@csarven
^ @acoburn @bblfish
Dmitri Zagidulin
@dmitrizagidulin
(oh eep, I just realized the Secure Data Storage WG breakout is right during the Authn Panel call today!)
Dmitri Zagidulin
@dmitrizagidulin
@csarven I talked to Sam Goto (the Chrome dev team guy behind WICG/WebID) this past week at IIW. Seems like a really great project (aside from unfortunate name collision :) ), potentially very helpful to Solid & solid auth. Also a lot of overlap with the Credential Handler API (CHAPI) wallet work
elf Pavlik
@elf-pavlik
I recall Sam Goto leading work on Schema.org Actions many years ago http://blog.schema.org/2014/04/announcing-schemaorg-actions.html I guess he should be familiar with structured data.
At the end of last week's meeting we already created pad for today's agenda: https://hackmd.io/NttcxtwiQGawjki8yGDTkA
q+ re :point_up:
elf Pavlik
@elf-pavlik
q+ to add access scenarios which don't require webid
Aaron Coburn
@acoburn
+1 on proposing a PR (or proposing solutions in an issue)
Sarven Capadisli
@csarven
Is the primer rendered somewhere?
Dmitri Zagidulin
@dmitrizagidulin
has the meeting link changed?
Sarven Capadisli
@csarven
having bikeshed / syntax highlighting error
Dmitri Zagidulin
@dmitrizagidulin
(was trying the usual inrupt/webex link, doesn't seem to be working?)
Aaron Coburn
@acoburn
@dmitrizagidulin we finished a few minutes early
Dmitri Zagidulin
@dmitrizagidulin
ah ok whew :)
thanks
Justin Bingham
@justinwb
git action probably needs a slight tweak to pickup and render any .bs
Matthieu Bosquet
@matthieubosquet
@csarven https://solid.github.io/authentication-panel/solid-oidc/primer.html
I tweaked the GitHub actions as part of the pull request.
Sarven Capadisli
@csarven
Thanks!
Dmitri Zagidulin
@dmitrizagidulin
@csarven well written & nicely phrased!
Sarven Capadisli
@csarven

The name collision is significant but a temporary issue if addressed soon. This is where communities acting in good faith goes a long way.

A much bigger and a long-term issue is communities addressing similar problems/needs re Web identifiers (and linked identities) and authentication - at least the rough bits right now if we compare their notes with ours. Soon enough it will affect authorization, payments...

This is all part of a broad and complicated discussion involving different communities with their preferred stuff. And, it is in the camp of age old issues eg. identity in the browser, formats, .. through OWP.

I suggest that we identify areas where synergy may - should! - be possible. Components/mechanisms that UAs can handle natively or provide good support would be preferable to using/injecting separate libraries/systems. (Related obvious example: it doesn't take much to know that browsers natively handling RDF parsing/serializing would make things heck of a lot simpler/better for developers and end-users than...)

Perhaps we need an issue on this in solid/specification or solid/authentication-panel ... but first I suggest that we review their WIP, come up with the overlap/delta.. and discuss with WICG. Relatively simple: Could/Will they use RWW/Solid's WebID? Same same but different? (Their examples seem to be using domains or emails, and seem to have room for DIDs... so WebID can also be part of the picture) Complex: authentication.. what does that entail for the Solid ecosystem? Obviously we don't want to be in a situation where browsers natively do something similar to what Solid proposes. If sufficiently compatible, it'll be easy to transition I presume, but my concern is that we should not end up in that situation, if we take the right steps, now.

elf Pavlik
@elf-pavlik
@/all hi, i've just created pad for today: https://hackmd.io/Ak2k9kX3T4qjp0tr5Ndp1w