WebID-OIDC authn (minimum demo features)

[nicola]

MVP demoable feature set

Test implementation of OIDC-based signup and signin has been deployed to: https://databox2.com

See also: PR #330/dz_oidc branch for work in progress.

Remaining items:

Solid-server

• Convert 401 Unauthorized error page to use the signin/Discovery app.
• Provider discovery by entering WebId (e.g. https://alice.databox.me/profile/card#me)
• User signup (creating the OIDC user with password on regular account creation)
• User signin using WebId & password
• Sign in by entering account id (e.g. alice) & pw
• Sign in by entering email & pw
• Receive ID Token and Access Token at the end of the authenticate() dance.
• Integrate access token parsing into RS or solid server
• Integrate OIDC config generation into solid init
• Implement /signout api endpoint (clears session cookie, sends signout request to OIDC provider)
• Provider discovery by entering email (WebFinger / WebFist integration)

General/Design

• Design model/workflow for multi-domain authorization - see solid/solid#99

solid-client (client lib support)

• Refactor existing WebID-TLS based code into separate pluggable library - see solid-client#91
• Add support for oidc authentication - see solid.js#92

solid-auth-oidc

Create a separate OIDC authentication lib for solid-client to use. (see solid-auth-oidc)

• Add OIDC support for the signin() function. see solid-auth-oidc#1
• Add ability to store OIDC Id Tokens client-side (in local storage etc) and send them along with web client CRUD API requests. see solid-auth-oidc#2
• Implement Signup support (workflow deposits user back into the app, authenticated). see solid-auth-oidc#4
• Implement OIDC signout() capability. see solid-auth-oidc#3

External solid apps

• Revamped Solid signup app - see solid/solid-signup-ui
• Revamped Solid signin app
• Authorize app (to sign into 3rd parties) - see solid/solid-authorization-ui

[philipbeadle]

I tried databox2.com and keep getting for any value

Could not connect to server on https://philip.databox2.com/

Am I missing something?

[dmitrizagidulin]

@philipbeadle er, sorry bout that :) We're having trouble with domain/certificate expiration, pay no attention.
If you'd like a testbed server to try out, use https://solidtest.space

Does an app example for OIDC AUTH exist somewhere?

nb: old concept http://mediaprophet.org/ux_KB/ (Oct 2013)

[dmitrizagidulin]

@mediaprophet There's a sample OIDC Auth app at https://github.com/solid/solid-auth-oidc/blob/master/demo/index.html

You can either run it directly at github.io at https://solid.github.io/solid-auth-oidc/demo/

or npm install http-server, check out a copy of the solid-auth-oidc repo, and http-server demo/.

I made another UX template, but can't find it on my web server. will let you know if i find it. basically, i used: http://pages.revox.io/dashboard/ (which i'm looking forward to stitching together)...

found it: see auth concept http://webcivics.org/dev/ (note, dummy data works). 2nd factor concept = WebID-TLS Cert (That may declare a machine /Account rather than a person).

Which in-turn fits into: http://mediaprophet.org/ux_KB/page4115294.html#0 concept (noting that menu lists out a bunch of functions that were thought out a few years back now...)

[philipbeadle]

Awesome, just used my https://philipbeadle.solidtest.space to login to the demo oidc app :) Now to investigate how to get solid.social to log in with oidc!!

[RubenVerborgh]

Done.