Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Aug 11 20:52
    @RubenVerborgh banned @mikeadams1
Matthias Evering
@ewingson
okay, will put hands on that part
Matthias Evering
@ewingson
@Vinnl case you wondered you got no email, now I've the right port configured, the default was incorrect
also I found you mandatory need a trailing slash
vinnl
@vinnl:matrix.org
[m]
Ah haha I didn't even notice - worked fine otherwise. It's now being autosuggested on penny.vincenttunru.com :)
Matthias Evering
@ewingson
schön
elf Pavlik
@elf-pavlik
It would be great to get some feedback in AuthN Panel on current implementation of Solid-OIDC in CSS as well as some breaking changes we are currently considering solid/solid-oidc#18 (very early draft just hinting the direction)
If possible we could discuss it on https://gitter.im/solid/authentication-panel or here. Even better we could dedicate most of one of Monday meetings of the panel for that, if person implementing it in CSS would be able to join.
elf Pavlik
@elf-pavlik
I think CSS would provide important feedback on the possible direction of introducing ResourceServer associated AuthorizationServer . As well as AuthZ relevant direction we explore in the Interop Panel which would provide feature comparable to scopes in OAuth2 but very likely would require the Client to pass additional information (push extra claim) to mentioned RS associated AS. It is related to this use case https://solid.github.io/authorization-panel/authorization-ucr/#uc-client-constraints
Joachim Van Herwegen
@joachimvh

@elf-pavlik To give you an overview, the OIDC/IDP component was originally written by Jackson and Matthieu, with a lot of the heavy lifting being done by the node-oidc-provider library. Afterwards I have made several changes based on issues and extra features. So if a new feature needs to be added it would probably be done by me, but my OIDC knowledge is mostly based on the issues I encountered and conversations I had with @matthieubosquet so is definitely not comprehensive.

I can join such a meeting though, just not sure what level of OIDC spec knowledge is required to have a valuable discussion :D

elf Pavlik
@elf-pavlik
Thank you @joachimvh Now I know who to ask questions and I can always check relevant details directly in the codebase :eyes:
Aaron Coburn
@acoburn
@joachimvh the most relevant specification for this conversation is OAuth2. But there is a high-level discussion to be had that will be somewhat independent of the arcane details of those specifications. IOW, you will surely be able to provide valuable insight from the CSS perspective.
Matthias Evering
@ewingson
@jeff-zucker @RubenVerborgh @joachimvh have I tracked down this right https://github.com/solid/community-server-recipes/blob/main/mashlib/config-mashlib.json#L59 that needs work for mashlib as default for CSS ?
Jeff Zucker
@jeff-zucker
@ewingson - yes, I used a modified version of that.
Matthias Evering
@ewingson
okay, then I'm not nuts ;-) can I help you testing ?
Jeff Zucker
@jeff-zucker
Except, I removed line #59 and relied instead on solid-client-authn-browser which is imported in mashlib and doesn't need to be imported here.
Matthias Evering
@ewingson
will you give me a green lantern if I can use some recipe for production ?
Jeff Zucker
@jeff-zucker
That one for mashlib is very close
You could probably use it as-is with the new mashlib
Matthias Evering
@ewingson
I don't have SolidOS on the production machine, just CSS
hmm in the meantime... as much as I caught up I will wait for a recipe
Jeff Zucker
@jeff-zucker
A recipe is not what is missing, you pointed to it above.
Matthias Evering
@ewingson
hmm help me understand.. I omit Line 59 and do what exactly ?
Jeff Zucker
@jeff-zucker
You use that for your config instead of file.json and install mashlib
Matthias Evering
@ewingson
per npm ?
Jeff Zucker
@jeff-zucker
you can use the npm for mashlib@1.7.5-alpha or wait a week or so until it goes out of alpha into production
I will give you the green light when that is ready, I'm just saying it's not the recipe part you need to wait for
Matthias Evering
@ewingson
I'll wait and I delete Line 59 cause that uses solid-auth-client ?
Jeff Zucker
@jeff-zucker
Right. Though that line doesn't actually use solid-auth-client, it just says "if someone asks for solid-auth-client, this is where to find it. The line has no impact on the new mashlib or its authn system
I can submit a PR to remove that from the CSS mashlib recipe when the new mashlib is ready
Matthias Evering
@ewingson
and that line would open a popup which is done otherwise with an redirect through the new authn-upgrade ? that direction ?
Jeff Zucker
@jeff-zucker
No, that line does not do anything but give the location of solid-auth-client so that if some app imports it, it will find it; Yes the new mashlib will handle authn via a redirect, not a popup.
ch1ch0gz
@ch1ch0gz
Hi, not sure if someone has already asked this here, so apologies in advance, just joined this chat.
I am trying to check out the new CSS on my own server. I can run it locally but not on a specific URL. I could not find in README how to do it? I already tried --baseUrl. -b parameter.
Are there any extra steps?I get a :
image.png
11 replies
ch1ch0gz
@ch1ch0gz
When you install the CSS in your server, where are the created pods stored? I memory? I do not seem to find them.
Jeff Zucker
@jeff-zucker
@ch1ch0gz if you start the server without specifying one of the configs, it is all in-memory; use -c @css:config/file.json -f rootFilePath when you start. The -c tells CSS to store in files, the -f tells it where to store those files
ch1ch0gz
@ch1ch0gz
I will try that, thanks!
Matthias Evering
@ewingson
am I right, when in production to use -b flag instead of -f ?
Jeff Zucker
@jeff-zucker
@ewingson AFAIK -b should be used in addition to, not instead of -f. The baseUrl (-b) is the URL that outside clients will contact. The rootFilePath (-f) is the path on the server where files will be stored.
Jeff Zucker
@jeff-zucker
^^ -f assumes you want to store data in files, there are other options
Matthias Evering
@ewingson
I guess that would be the -f webroot then ?
Jeff Zucker
@jeff-zucker
If webroot is the container on your server where data is stored, yes
ch1ch0gz
@ch1ch0gz
When using Penny I seem to have access to the pod root directory...which allows me to see all the pods available in my CSS...Is that normal? Also what are the idp and locks folders?
ch1ch0gz
@ch1ch0gz
Additionally, how can I enable and send a query using the sparql endpoint in CSS?
Joachim Van Herwegen
@joachimvh
@ch1ch0gz the /index.html in the root container contains some more information, by default the root /.acl allows access to everyone so that needs to be changed if you don't want that
the idp and locks folders are for internal data, we're looking into making sure those are hidden in the future
CSS itself does not provide support (yet?) for sending SPARQL queries. It simply allows you to use a sparql endpoint for storing the Solid data. If you want to send queries you'll have to send them to the endpoint directly
Ruben Verborgh
@RubenVerborgh
@ch1ch0gz Plus, if the folder you start the server from contains an .acl file, or if you would edit the created .acl, then you can set permissions any way you want (even before starting the server)
ch1ch0gz
@ch1ch0gz
@RubenVerborgh @joachimvh . Thanks for the answers.
ch1ch0gz
@ch1ch0gz
@joachimvh I have been trying to run the CSS as per your solution https://gist.github.com/joachimvh/da75e1239fb026db0b3375ded505b21f
community-solid-server --baseUrl https://dev.ideniox.com -c @css:config/sparql-endpoint.json -f /var/www/css -s http://dev.ideniox.com:8890/sparql
But it seems that if add the sparwl-endpoint.json, then -f /var/www/css is completely ignored...
ch1ch0gz
@ch1ch0gz
To make it clearer I want to be able to store data either on the file system and or on the backend.
ch1ch0gz
@ch1ch0gz
currently I get a "No ACL document found for root container" when trying to log in...
Jeff Zucker
@jeff-zucker
does /var/www/css/.acl exist? If not, copy one there from the templates/root folder of CSS