solid-oidc
solid-oidc copied to clipboard
solid
The repository for the Solid OIDC authentication specification.
In #request-flow-step-1: >Client can discover Authorization Server by making request to the resource Mention that the client should check the `WWW-Authenticate` HTTP header for the `as_uri` parameter.
In #authorization-code-pkce-flow-step-19: Comma after: >"azp": "https://decentphotos.example/webid#this"
In #authorization-code-pkce-flow-step-15: >The OP looks up the code that was saved earlier in a keystore. Link to the section/statement that's mentioned. Fix "corresponds with the code challenge" link.
In #authorization-code-pkce-flow-step-14: Update to use valid HTTP headers and message
In #authorization-code-pkce-flow-step-12: Consider linking to "elliptic curves"
In #authorization-code-pkce-flow-step-7: >see note above to see other options Give the note an identifier and link to it.
In #authorization-code-pkce-flow-step-3: >The thing we care about here >Note that we only support the code response type. Paraphrase. >However, implicit flows should not be used for security reasons. Therefore, we...
In #solid-oidc-flow: Provide a brief explanation about the two flows in this section before diving into the subsections.
In #actors: What's a "standard web browser"? Text-based browser okay? JavaScript and/or cookies must be enabled? "Alice’s WebID" can be trimmed. s/contains/links to perhaps. Consider using something other than Alice...
In #intro: Explain why this document exists / how it accompanies the spec. Who is it for...