Ship a client-id document so IDPs can display 'pilot' instead of 'Unknown App' #3

@melvincarvalho

Problem

During the Solid-OIDC consent flow, JSS's consent page shows "Unknown App" for pilot. Users see:

Authorize Access
Allow this app to access your data?
Unknown App
Signed in as test@jss
This app is requesting access to: openid, offline_access, webid

Users have no way to verify what's asking for access.

Why

Pilot doesn't expose a Solid application identifier (a static client_id document with oidc:redirect_uris, solid:client_id, solid:client_name, etc.) at a stable URL. The IDP can only display what's in the OIDC dynamic registration payload, which is minimal.

Proposed fix

Ship a static JSON-LD client-id document at (e.g.) https://solid-apps.github.io/pilot/app.jsonld containing:

{
  "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
  "client_id": "https://solid-apps.github.io/pilot/app.jsonld",
  "client_name": "pilot",
  "redirect_uris": ["https://solid-apps.github.io/pilot/"],
  "grant_types": ["authorization_code", "refresh_token"],
  "response_types": ["code"],
  "scope": "openid offline_access webid",
  "token_endpoint_auth_method": "none",
  "application_type": "web",
  "logo_uri": "https://solid-apps.github.io/pilot/icon-192.png"
}

Then pass client_id: "https://solid-apps.github.io/pilot/app.jsonld" during OIDC auth so the IDP can fetch it and display the friendly name + logo.

Pilot already has app.json — this is a close-to-free enhancement.
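
An added example, not part of the original issue and not code from pilot or JSS: checks an IDP could apply to a fetched client-id document before trusting its client_name and logo_uri on the consent page. The function name validateClientIdDocument, its error strings, the 64-character name limit, the fallback policy and the example.org URL are assumptions; the sample document is a subset of the one proposed above.

```javascript
// Hypothetical IDP-side check (not JSS code): validate a dereferenced
// client-id document before its name and logo reach the consent page.
function validateClientIdDocument(fetchedFrom, doc, requestedRedirectUri) {
  const errors = [];
  const isHttps = (u) => {
    try { return new URL(u).protocol === 'https:'; } catch { return false; }
  };
  if (!isHttps(fetchedFrom)) errors.push('client_id URL must be https');
  // The document must name the URL it was served from; otherwise any host
  // could serve a copy and borrow another app's name and logo.
  if (doc.client_id !== fetchedFrom) errors.push('client_id does not match document URL');
  const uris = Array.isArray(doc.redirect_uris) ? doc.redirect_uris : [];
  // Exact string comparison only: no prefix or wildcard matching.
  if (!uris.includes(requestedRedirectUri)) errors.push('redirect_uri not registered');
  const ok = errors.length === 0;
  // Display fields are used only when every check passed (assumed policy).
  const name = typeof doc.client_name === 'string' ? doc.client_name.trim().slice(0, 64) : '';
  const display = ok && name
    ? { name, logo: isHttps(doc.logo_uri) ? doc.logo_uri : null }
    : { name: 'Unknown App', logo: null };
  return { ok, errors, display };
}

// Constructed sample input: the document proposed in this issue.
const PILOT_URL = 'https://solid-apps.github.io/pilot/app.jsonld';
const pilotDoc = {
  '@context': 'https://www.w3.org/ns/solid/oidc-context.jsonld',
  client_id: PILOT_URL,
  client_name: 'pilot',
  redirect_uris: ['https://solid-apps.github.io/pilot/'],
  logo_uri: 'https://solid-apps.github.io/pilot/icon-192.png',
};
const REDIRECT = 'https://solid-apps.github.io/pilot/';

// Genuine document, a copy served from another host, and an unregistered redirect.
const results = {
  genuine: validateClientIdDocument(PILOT_URL, pilotDoc, REDIRECT),
  copied: validateClientIdDocument('https://example.org/app.jsonld', pilotDoc, REDIRECT),
  badRedirect: validateClientIdDocument(PILOT_URL, pilotDoc, REDIRECT + 'callback'),
};
console.log(JSON.stringify(results, null, 2));
```

A copy of the document served from any other URL falls back to "Unknown App", so the friendly name is only ever shown for the URL that the document itself names.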
