
How to let user authorize/revoke Pod permissions for specific Solid Application?

Open peter279k opened this issue 5 years ago • 6 comments

As in the title; this is related to issue solid/solid-auth-client#142.

If I use the https://electric-data-pod.com:8443/popup.html target via a popup window to log in to the specific Solid App, it only does authentication.

Then it redirects to the Solid App home page if authentication is successful.

It didn't present any authorization page to let the user select the proper Pod access permissions.

I think the following screenshot shows what is expected before redirecting to the Solid App home page, but it isn't shown.

[screenshot]

Another question is about permission revoking.

I want to let the user revoke Pod permissions for a specific Solid App at any time.

Or authorize new permissions for a specific Solid App.

But I also cannot find any examples of this.

Could anyone answer these two questions? Thanks.

peter279k, Nov 04 '19 08:11

Here is the client demo for reproducing this issue:

Run the Solid client demo with the export POPUP_URI='https://electric-data-pod.com:8443/common/popup.html'; npm run start:demo command.

Then clicking the Login via popup button presents the following page:

[screenshot]

Then type the account and password to authenticate on the Pod login page.

Then clicking the Log in button closes the popup window, and the page shows the logged-in page:

[screenshot]

It doesn't show any permission authorization page for users to choose from.

If we use the Log in button on the Solid client demo page, it redirects to the authorization page:

[screenshot]

[screenshot]

[screenshot]

peter279k, Nov 04 '19 08:11

You've hit on a huge problem. It is widely acknowledged that the current experience for attenuated access control is extremely poor. In fact, we have a whole panel devoted to figuring out the solution (https://github.com/solid/authorization-and-access-control-panel).

> It didn't present any authorization page to let user select proper Pod access permissions.

Solid Auth Client will be getting a rewrite in the coming months to address problems like this.

> I want to let user revoke Pod permission on specific Solid App at any time.

There is currently no way for a user to do this via the app if they didn't give write access to the application preferences. They would need to log into their pod directly to modify this.

jaxoncreed, Nov 04 '19 16:11

Hi @jaxoncreed, thanks for your reply. My questions are as follows after your passionate explanation.

If a user has authorized the permissions for a specific Solid App, they don't have a second chance to modify this.

To modify that permission again, they should log in to their Pod server and modify it manually.

It's not possible to revoke permissions via the Solid authentication client, right?

I wonder why the Solid auth client doesn't support modifying authorized permissions.

peter279k, Nov 04 '19 16:11

The main reason is that there was nothing even written in the spec to do that. We're currently working on figuring out the best way to do attenuated authorization.

jaxoncreed, Nov 04 '19 18:11

This should likely be moved elsewhere; auth client only does authentication, not authorization.

RubenVerborgh, Nov 04 '19 18:11

Randomly came across this issue. I assume it is resolved already, as the servers (at least NSS) already support controlling app permissions?

renyuneyun, Oct 23 '23 10:10