SolidOS/solid-logic

Automatically add solid:OIDCIssuer triple to profiles which don't have it.

timbl opened this issue · 3 comments

timbl commented

See gitter discussion https://gitter.im/solid/solidos?at=62b358cb568c2c30d3de28f3

This is about automatically adding the triple

<#me> solid:oidcIssuer <https://inrupt.net> .

for example, for any pod on inrupt.net.

Otherwise people will not be able to log into CSS -- or into NSS if we turn on the need for it later.

I made a quick script for this: https://github.com/RubenVerborgh/add-oidc-issuer/blob/main/add-oidc-issuer.sh

Should work with ./add-oidc-issuer.sh inrupt.net /path/to/inrupt.net/data.

Assumptions (which were true on NSS some time ago):

  • pod folder names are pod1, pod2, etc.
  • card file name is pod1/profile/card$.ttl
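A sketch of the bulk edit discussed above, added here as an example: it is not the linked add-oidc-issuer.sh and not SolidOS code. It appends the triple only to cards that do not already mention oidcIssuer, validates the issuer host before writing it into Turtle, and keeps a backup. The function name `add_oidc_issuer`, the `.bak` suffix and the `<#me>` subject are assumptions; the directory layout is the one listed in the thread.

```shell
#!/bin/sh
# Added example: idempotently append an oidcIssuer triple to NSS-style cards.
# Assumed layout (from the thread): <data>/<pod>/profile/card$.ttl
# Assumed WebID fragment: #me (as in the triple quoted in the issue).

add_oidc_issuer() {
    issuer_host=$1   # e.g. inrupt.net
    data_dir=$2
    changed=0

    # The host is written into a Turtle IRI, so refuse anything that could
    # close the <...> term or start a new statement.
    case $issuer_host in
        ''|*[!A-Za-z0-9.:-]*)
            echo "refusing issuer host: $issuer_host" >&2
            return 2 ;;
    esac

    for card in "$data_dir"/*/profile/'card$.ttl'; do
        # Skip an unmatched glob, non-files, and symlinks (a pod owner
        # must not be able to redirect this write elsewhere).
        if [ -L "$card" ] || [ ! -f "$card" ]; then
            continue
        fi
        # Conservative text match, not RDF parsing: any existing mention
        # of oidcIssuer (prefixed or full IRI) leaves the card untouched.
        if grep -q 'oidcIssuer' "$card"; then
            continue
        fi
        cp -p "$card" "$card.bak" || return 1
        # Full predicate IRI, so no solid: prefix needs to be declared.
        printf '\n<#me> <http://www.w3.org/ns/solid/terms#oidcIssuer> <https://%s> .\n' \
            "$issuer_host" >> "$card" || return 1
        changed=$((changed + 1))
    done

    echo "$changed"   # number of cards modified
}

# Stand-alone use: ./script.sh inrupt.net /path/to/data
if [ "$#" -eq 2 ]; then
    add_oidc_issuer "$1" "$2"
fi
```

Because the check is a plain text match, a card that mentions oidcIssuer only in a comment is also skipped; review those by hand.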

This was done for solidcommunity.net (prod and test), for inrupt.net (prod and dev) and for solidweb.org.

For reference, if there is an error like

Error attempting to handle what looks like an incoming OAuth2 redirect - could just be a user hitting the 'back' key to a previous redirect (since that previous code will no longer be valid!): Error: Token endpoint returned error [invalid_dpop_proof]: invalid DPoP key binding ("iat" claim timestamp check failed (too far in the past)) DemoClientApp.js:187:25

-> check the client laptop clock. See: CommunitySolidServer/CommunitySolidServer#1014 (comment)