solid-auth-client icon indicating copy to clipboard operation
solid-auth-client copied to clipboard
verified publisher icon nodeSolidServer

Popup login does not allow giving a domain access rights

Open navaronbracke opened this issue 5 years ago • 3 comments

When using auth.popupLogin({ popupUri });, the user does not get the option to set the access rights for the current domain url.

Actual

When logging in the popup asks the user for his credentials, logs in and closes.

However, the domain url does not become a trustedApp entry in the user's profile, despite the docs stating that the login automatically registers the app.

The docs state the following: SolidAuthClient automatically registers your OIDC client application if it is unknown to the authorization server, following the registration request spec. Does this have anything to do with the above, or am I mistaken?

Expected

The first login on a new domain (e.g. https://myhost.com) should log the user in and add a http://www.w3.org/ns/auth/acl/trustedApp entry in the user's profile.

The user should be able to select which permissions the domain gets (a combination of Read, Write, Append,Control). This should preferably happen in a second panel within the open popup.

Reproduction steps

Before you start, verify that the domain that is about to be tested is not a trusted app in your profile document.

Create a new javascript app (standard index.html with a button for logging in. Serving with localhost should suffice).

Call await auth.popupLogin({ popupUri }); where popupUri is an Identity Provider's popup url. For instance https://inrupt.net/common/popup.html.

Enter your Solid account credentials and log in.

Observe that the login succeeds & the popup closes.

The domain is still not under trustedApps in your Solid profile document. The popup never gave the user the option to set the permissions for the domain.

navaronbracke avatar Dec 16 '20 10:12 navaronbracke

Yes that's true. But the app you are using is https://inrupt.net/common/popup.html and https://inrupt.net should be added to the trusted apps if it was not in the list.

bourgeoa avatar Dec 16 '20 13:12 bourgeoa

Thus I have to use my own popup file? E.g. https://myhost.com/common/popup.html ? Secondly, https://inrupt.net never ends up in the list of trusted apps. It's always an empty list. That also does not address the fact that the domain I run my application on, does not become a trusted app.

navaronbracke avatar Dec 16 '20 13:12 navaronbracke

I have the same issue. I would also expect for my app to be added, because it's my app that will be adding data to the POD.

pheyvaer avatar Jan 05 '21 11:01 pheyvaer