Automatically add solid:OIDCIssuer triple to profiles which don't have it.
timbl opened this issue · 3 comments
See gitter discussion https://gitter.im/solid/solidos?at=62b358cb568c2c30d3de28f3
This is about automatically adding the triple
<#me> solid:oidcIssuer <https://inrupt.net> .
for example for any pod on inrupt.net
Otherwise people will not be able to log into CSS -- or into NSS if we turn on the need for it later.
I made a quick script for this: https://github.com/RubenVerborgh/add-oidc-issuer/blob/main/add-oidc-issuer.sh
Should work with ./add-oidc-issuer.sh inrupt.net /path/to/inrupt.net/data
.
Assumptions (which were true on NSS some time ago):
- pod folder names are
pod1
,pod2
, etc. - card file name is
pod1/profile/card$.ttl
This was done for solidcommunity.net (prod and test), for inrupt.net (prod and dev) and for solidweb.org.
For reference, if there is an error like Error attempting to handle what looks like an incoming OAuth2 redirect - could just be a user hitting the 'back' key to a previous redirect (since that previous code will no longer be valid!): Error: Token endpoint returned error [invalid_dpop_proof]: invalid DPoP key binding ("iat" claim timestamp check failed (too far in the past)) DemoClientApp.js:187:25
-> check the client laptop clock. see: CommunitySolidServer/CommunitySolidServer#1014 (comment)