solid-oidc
solid-oidc copied to clipboard
solid
The repository for the Solid OIDC authentication specification.
Capturing from https://github.com/solid/solid-oidc/pull/18/files#r781105146 >>> @leifj: >>> A general comment is that this is not strictly true. Since the AS fetches the WebID document of the user it relies on being...
Looking at the sequence diagram we can see 6 conformance classes, I'd like to clarify which section applies to which conformance class. 1. End User's WebID Document * [WebID Issuer...
At present, the spec simply says what properties must be included in the [Access Token](https://solid.github.io/solid-oidc/#tokens-access) and [ID Token](https://solid.github.io/solid-oidc/#tokens-id), however, it does not specify that you probably shouldn't include more information...
I'm creating this issue as follow up to the topic discussed today solid/authentication-panel#199 Looking at [OIDC: 12. Using Refresh Tokens](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens) it looks that ID Token can also be refreshed by...
[Section 6.2 of the Solid-OIDC spec](https://solid.github.io/solid-oidc/#tokens-id) reads: > The user’s [singular] WebID MUST be present in the ID Token as the `webid` claim. While this sentence implies that the token...
WebID provides a structured way to identify and refer to agents, but there are now other structured forms of identification, such as [Decentralized Identifiers (DIDs)](https://w3c-ccg.github.io/did-spec/) and [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/). The name...
The [published](https://solid.github.io/authentication-panel/solid-oidc-primer/) primer contains 2 flows. But there is no introduction as to when they are needed and why. A short paragraph or two doing that would help make the...
Add a Conformance Classes section listing the roles eg. Identity Provider, Resource Server, Client, that Solid OIDC specifies. The criteria for each of the roles can be described in their...
Either create own test suite or ensure the ones in the following suites are accurate: * [ ] https://github.com/solid/test-suite * [ ] https://github.com/solid/conformance-test-harness
I was confused by [14. Token request with code and code verifier](https://solid.github.io/solid-oidc/primer/#authorization-code-pkce-flow-step-14). So far none of the Solid pod issuers I've tried seem to require a DPoP header for a...
