nodeSolidServer/solid-auth-client

Popup login does not allow giving a domain access rights

navaronbracke opened this issue · 3 comments

When using auth.popupLogin({ popupUri });, the user does not get the option to set the access rights for the current domain url.

Actual

When logging in, the popup asks the user for his credentials, logs in and closes.

However, the domain url does not become a trustedApp entry in the user's profile, despite the docs stating that the login automatically registers the app.

The docs state the following: SolidAuthClient automatically registers your OIDC client application if it is unknown to the authorization server, following the registration request spec. Does this have anything to do with the above, or am I mistaken?

Expected

The first login on a new domain (e.g. https://myhost.com) should log the user in and add a http://www.w3.org/ns/auth/acl/trustedApp entry in the user's profile.

The user should be able to select which permissions the domain gets (a combination of Read, Write, Append, Control).
This should preferably happen in a second panel within the open popup.

Reproduction steps

Before you start, verify that the domain that is about to be tested is not a trusted app in your profile document.

Create a new JavaScript app (standard index.html with a button for logging in. Serving with localhost should suffice).

Call await auth.popupLogin({ popupUri }); where popupUri is an Identity Provider's popup url.
For instance https://inrupt.net/common/popup.html.

Enter your Solid account credentials and log in.

Observe that the login succeeds & the popup closes.

The domain is still not under trustedApps in your Solid profile document.
The popup never gave the user the option to set the permissions for the domain.
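
One way to check the precondition in the reproduction steps, and the result after login, as an added example that is not part of the original issue or of solid-auth-client: it reads the acl:trustedApp entries from a profile's Turtle text and reports the modes granted to an app's origin. The sample profile is constructed, and the blank-node layout with acl:origin and acl:mode under the http://www.w3.org/ns/auth/acl# namespace is an assumption about how the server writes these entries.

```javascript
// Added example (not solid-auth-client code): list acl:trustedApp entries in a profile.
// Only the blank-node Turtle form is handled; use a real RDF parser for anything else.
const ACL_IRI = /<http:\/\/www\.w3\.org\/ns\/auth\/acl#(\w+)>/g;

// Constructed sample profile document; origins and names are made up.
const sampleProfile = `
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

<#me>
    a foaf:Person;
    acl:trustedApp
        [
            acl:mode acl:Append, acl:Read, acl:Write;
            acl:origin <https://trusted.example>
        ],
        [
            acl:origin <http://localhost:3000>;
            acl:mode acl:Read
        ];
    foaf:name "Constructed User".
`;

// Returns [{ origin, modes }] for every trusted-app blank node found.
function trustedApps(turtle) {
  const text = turtle.replace(ACL_IRI, 'acl:$1'); // full IRIs -> prefixed form
  const apps = [];
  for (const [, body] of text.matchAll(/\[([^\[\]]*)\]/g)) {
    const origin = body.match(/acl:origin\s*<([^>]+)>/);
    if (!origin) continue; // some other blank node
    const modeList = body.match(/acl:mode\s+([^;]*)/);
    const modes = modeList
      ? [...modeList[1].matchAll(/acl:(\w+)/g)].map(m => m[1]).sort()
      : [];
    apps.push({ origin: origin[1], modes });
  }
  return apps;
}

// Modes granted to the origin of appUrl, or null when it is not a trusted app.
function grantedModes(turtle, appUrl) {
  const wanted = new URL(appUrl).origin;
  const hit = trustedApps(turtle).find(a => new URL(a.origin).origin === wanted);
  return hit ? hit.modes : null;
}

console.log(grantedModes(sampleProfile, 'http://localhost:3000/index.html')); // [ 'Read' ]
console.log(grantedModes(sampleProfile, 'https://myhost.com/'));              // null
```

Comparing on the URL origin rather than the full string keeps a path or trailing slash on the app URL from hiding an existing entry.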

Yes that's true. But the app you are using is https://inrupt.net/common/popup.html and https://inrupt.net should be added to the trusted apps if it was not in the list.

Thus I have to use my own popup file? E.g. https://myhost.com/common/popup.html ?
Secondly, https://inrupt.net never ends up in the list of trusted apps. It's always an empty list.
That also does not address the fact that the domain I run my application on does not become a trusted app.

I have the same issue. I would also expect for my app to be added, because it's my app that will be adding data to the POD.