update to DPoP authentication. Legacy being deprecated.
ewingson opened this issue · 0 comments
ewingson commented
Solid recently had an update from legacy auth to the use of DPoP auth.
We noticed that your app still is using the old auth.
We'd like to encourage you to switch to the new auth using the Demonstrating Proof of Posession technology.
Our motivation for the update was using the standard OIDC-way.
- CSS is and will only use DPoP.
- For a transition period NSS is able to use both legacy and DPoP.
- SolidOS has been migrated and only uses DPoP.
Javascript libraries using the new authentication methods include :
- Inrupt's solid-client-authn-browser for the browser and solid-client-authn-node.
- and solid-node-client for nodejs.
- To obtain a token for nodejs app login, you will also need Inrupt's generate-oidc-token.
Some simple examples of javascript app using the DPoP auth can be found here
- https://github.com/0dataapp/hello/tree/main/solid.
- or https://github.com/jeff-zucker/solid-ide (simple migration).
The list of apps using the new DPoP authorization can be followed here dpop-status.
Just let us know if we can assist you on switching your app at https://gitter.im/solid/app-development or https://forum.solidproject.org
From solid team