solid-oidc
The repository for the Solid OIDC authentication specification.
We recently ran into a situation where a client added some metadata to its Client ID Document, in particular a `logo_uri`. The value for this property was a relative URL, which...
Hi everyone! * **TL;DR:** Suggestion to add a _SHOULD_ or _MUST_ in the spec for declaring basic information like the label or icon of a Solid-OIDC. After a very interesting...
Passkey
**Search terms you've used** passkey **Is your feature request related to a problem? Please describe.** enabling passwordless auth **Describe the solution you'd like** - express if passkey is part...
Some authentication issues to find a resolution to in the Solid-OIDC and Solid protocol specs, in order of priority: (Auth 1) Essential for Solid-OIDC: RFC 9207 should be adopted to...
We can document existing, ongoing, or planned implementations. It will serve to advance this panel's specs. This issue is not intended to be the canonical location for implementations or to...
I am not sure if this is the correct specification, but I'd suggest adding security considerations for the write/changeability of the solid:oidcIssuer triple in the WebID profile. The solid:oidcIssuer...
Isn't defined
This is one of the issues raised in a conversation with @dteleguin [5.2. OIDC Registration](https://solid.github.io/solid-oidc/#clientids-oidc) > For non-dereferencable identifiers, the Client MUST present a client_id value that has been registered...
This is one of the issues raised in a conversation with @dteleguin https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop DPoP spec talks explicitly about binding Access Tokens. Solid-OIDC only uses * [4. ](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-4)[DPoP Proof JWTs](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#name-dpop-proof-jwts) *...
While trying to [fix solid-flask](https://gitlab.com/agentydragon/solid-flask/-/merge_requests/1/diffs) I've noticed that ESS requires a basic auth with (client_id, client_secret) to retrieve access tokens at the token_endpoint. As far as I've seen this behaviour...