inrupt / solid-client-authn-js Goto Github PK
View Code? Open in Web Editor NEWA client library for authenticating with Solid
Home Page: https://solid-client-authn-js.vercel.app
License: Other
solid-client-authn-js's People
Contributors
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
solid-contrib nicolasmondada travis michielbdejong acoburn woutermont cha0sg0d copchristophe pavol-brunclik-compote rubensworks fuubi doctorbud diegoaraujo madnificent rajanbajaj angelo-v lars-vc openlinksoftware gobekli-inc laurin-w ritave pak-ferry-bfi krane96 franciscocoya timea-solid soukaijs nseydoux light-over zg009 leylagogebakan smessie seunghyeon12solid-client-authn-js's Issues
Make Session implement ISessionInfo
As discussed in #567, we currently have an inconvenient session.info field.
I propose to:
- make
SessionimplementISessionInfoto avoid this detour - (optional) create an
ISessioninterface, which is whatSessionimplements - have
handleIncomingRedirectreturnSession(ISession) rather thanISessionInfo - deprecate
Session#infoso we can remove it in a future version - change all
ISessionInfoXxxclasses and interfaces to returnSession(ISession) instead ofISessionInfo- with the next semver.major release, rename those classes into
ISessionXxxinstead
- with the next semver.major release, rename those classes into
How can platform-independent libraries depend on the client?
I'm opening this issue in response to this comment:
Due to the architectural changes leading the lib not to be isomorphic anymore, this is no longer relevant.
We have a couple of JavaScript libraries that will use this client in order to interface with Solid pods. Some of those libraries can run either on the client (browser, native, …), the server (Node.js, …), or an intermediary (Node.js, …). Concretely, I'm thinking about libraries such as:
- rdflib.js
- Comunica
- LDflex
- …
These libraries, which themselves do not commit to a platform, need to depend on a generic notion of a Solid client.
Only when these libraries are used by a concrete application, they will be bound to a concrete platform by that application.
If not via isomorphism, how are we going to achieve this?
Very concretely, what do I as a builder of platform-agnostic Solid libraries put in my package.json?
Build acceptance test suite
Use testcafe to have acceptance testing for everything
Popup gives Error: Popup login is not implemented yet
Describe the bug
When a config with { popUp: true } is provided, the popup flow doesn't trigger. The following error is printed: Error: Popup login is not implemented yet.
To Reproduce
Steps to reproduce the behavior:
- Run the example at https://github.com/inrupt/solid-client-authn-js/tree/master/packages/browser/examples/single/bundle
- Replace src/App.js with the code I wrote here: https://gist.github.com/jaxoncreed/0e9453f03488f43d9ed382593e82fc66
- Try to log in using the "Popup Login" button.
Expected behavior
A popup window should appear and should be directed to the issuer's login page. Upon login, the window closes and the session triggers an onLogin event.
Environment
System:
OS: macOS 10.15.6
CPU: (8) x64 Intel(R) Core(TM) i5-1038NG7 CPU @ 2.00GHz
Memory: 1.27 GB / 16.00 GB
Shell: 5.7.1 - /bin/zsh
Binaries:
Node: 14.4.0 - /usr/local/bin/node
npm: 6.14.4 - /usr/local/bin/npm
Watchman: 4.9.0 - /usr/local/bin/watchman
Browsers:
Chrome: 86.0.4240.80
Firefox: 81.0
Safari: 14.0
npmPackages:
@babel/core: ^7.8.6 => 7.10.5
@babel/preset-env: ^7.8.6 => 7.10.4
@babel/preset-react: ^7.8.3 => 7.10.4
@inrupt/solid-client-authn-browser: file://../../../ => 0.2.1
babel-loader: ^8.0.6 => 8.1.0
html-loader: ^0.5.5 => 0.5.5
html-webpack-plugin: ^3.2.0 => 3.2.0
react: ^16.13.0 => 16.13.1
react-dom: ^16.13.0 => 16.13.1
regenerator-runtime: ^0.13.3 => 0.13.7
webpack: ^4.41.6 => 4.44.0
webpack-cli: ^3.3.11 => 3.3.12
webpack-dev-server: ^3.10.3 => 3.11.0
npmGlobalPackages:
@inrupt/generator-solid-react: 0.7.2
@inrupt/solid-auth-fetcher: 0.0.6
expo-cli: 3.27.4
lerna: 3.22.1
npm: 6.14.4
ochat-api: 1.0.0
redis-commander: 0.7.0
static-server: 2.2.1
typescript: 3.9.5
yo: 3.1.1
Additional context
It looks like the functionality for popups was removed at some point (https://github.com/inrupt/solid-client-authn-js/blob/master/packages/browser/src/login/popUp/PopUpLoginHandler.ts#L65). Probably because it wouldn't work very well with closures. I expect that this will be solved along with #423. The popup window will trigger a login then close, causing the auth token to be lost but retaining the refresh token. Then the parent window would go through the refresh token flow to obtain an auth token for itself.
I need this for ESS compatibility. Unlike NSS, ESS will not accept hashes in its redirect URLs. So, if you log into https://jackson.inrupt.net/profile/card#me and want to get redirect there instead of https://jackson.inrupt.net/profile/card, ESS will complain. However, this same problem wouldn't happen in the Popup window flow.
Should save to session storage. Not local storage
Again, this is leftover from my code. So, sorry about that.
Currently the library saves things like the code_verifier to localstorage. It should be session storage instead:
`cross-fetch` overrides `window.fetch` with non-standard behaviour
Bug description
When using solid-auth-fetcher in a modern browser, the used fetcher should be provided by the browser itself. However, it seems that the polyfill returned by cross-fetch does not default to window.fetch, and has non-standard behaviour.
What prompted reporting this bug specifically is the fact that the obtained Response doesn't have a .body method to access its content as a ReadableStream.
To Reproduce
Steps to reproduce the behavior:
- If you don't have a React sandbox, create one (
npx create-react-app my-app) - Install
cross-fetch - Make sure
useEffectis imported inApp.js - import the
cross-fetchfetcher:import {fetch as crossFetch} from "cross-fetch" - Add this code snippet to the
Appfunction:
useEffect(() => {
const buildFetcher = async () => {
let fetcher;
if(typeof window !== undefined && typeof window.fetch !== undefined) {
console.log("Using the window fetcher")
fetcher = window.fetch;
} else {
console.log("Using cross-fetch")
fetcher = crossFetch;
}
fetcher("https://ruben.verborgh.org/profile/")
.then(response => response.body)
.then(stream => stream.getReader())
.then(reader => {
return reader.read().then(function processText({ done, value }) {
if (done) {
console.log("Stream complete");
return;
}
console.log(value);
return reader.read().then(processText);
});
});
}
buildFetcher();
});- Run the app:
npm run start
Expected behavior
- The code prints "Using the window fetcher", and then the stream content (byte arrays). This is what happens with the provided code snippet.
- When replacing
fetcher("https://ruben.verborgh.org/profile/")withcrossFetch("https://ruben.verborgh.org/profile/"), to force using the polyfill, then an error occurs, "TypeError: stream is undefined", because the response returned bycross-fetchdoes not implement thebodymethod.
Desktop (please complete the following information):
- OS: Ubuntu 18.04
- Browser: Firefox 77.0.1, Chrome 83
Additional context
LDflex expects the response to be readable as a stream. Also, this might have been the root cause of #88, and all the discussion around non-standard headers.
Regex for `sub` claim doesn't allow localhost
The regex here (
) doesn't allow for a domain likehttps://localhost:8443/profile/card#me. Because NSS does not issue a webid claim, a user running NSS on single-user mode locally is not able to log in.Unable to fetch when not logged in
Hey everyone, sorry for more github issues. I know you're all busy.
Describe the bug
If you try to make a fetch using the auth session, it will cause an error: Error: Could not obtain the key to sign the token with.
To Reproduce
Steps to reproduce the behavior:
- Set up the single/bundle example (https://github.com/inrupt/solid-client-authn-js/tree/master/packages/browser/examples/single/bundle)
- Replace
App.jswith the code here: https://gist.github.com/jaxoncreed/76c7c63a497c191fd6cb357d2f204d86 - Run the example
- Before logging in, press the "Unauthenticated Fetch" button which should send a fetch request to a public profile.
- The app will hang on the "loading" screen. If you open the debug console, you'll see the error logged.
Expected behavior
The fetcher should attempt to make an unauthenticated fetch and only fail if that resource is not public.
Environment
System:
OS: macOS 10.15.7
CPU: (8) x64 Intel(R) Core(TM) i5-1038NG7 CPU @ 2.00GHz
Memory: 576.42 MB / 16.00 GB
Shell: 5.7.1 - /bin/zsh
Binaries:
Node: 14.4.0 - /usr/local/bin/node
npm: 6.14.4 - /usr/local/bin/npm
Watchman: 4.9.0 - /usr/local/bin/watchman
Browsers:
Chrome: 86.0.4240.80
Firefox: 81.0.1
Safari: 14.0
npmPackages:
@babel/core: ^7.8.6 => 7.10.5
@babel/preset-env: ^7.8.6 => 7.10.4
@babel/preset-react: ^7.8.3 => 7.10.4
@inrupt/solid-client-authn-browser: file://../../../ => 0.2.1
babel-loader: ^8.0.6 => 8.1.0
html-loader: ^0.5.5 => 0.5.5
html-webpack-plugin: ^3.2.0 => 3.2.0
react: ^16.13.0 => 16.13.1
react-dom: ^16.13.0 => 16.13.1
regenerator-runtime: ^0.13.3 => 0.13.7
webpack: ^4.41.6 => 4.44.0
webpack-cli: ^3.3.11 => 3.3.12
webpack-dev-server: ^3.10.3 => 3.11.0
npmGlobalPackages:
@inrupt/generator-solid-react: 0.7.2
@inrupt/solid-auth-fetcher: 0.0.6
expo-cli: 3.27.4
lerna: 3.22.1
npm: 6.14.4
ochat-api: 1.0.0
redis-commander: 0.7.0
static-server: 2.2.1
typescript: 3.9.5
yo: 3.1.1
Additional context
@NSeydoux previously implemented this, but it looks like it was removed.
The error is triggered here:
. It happens after a dpop key cannot be fetched from storage. It looks like this still uses the old storage system, so this is probably happening because of the change in storage systems.Unexpected 401 error despite successful login
Describe the bug
While creating a new Solid application, following the Inrupt getting started documentation for javascript clients, I was hit by an unexpected HTTP 401 Unauthorized, even though the client logged in successfully.
To Reproduce
async function handleRedirectAfterLogin() {
if (new URL(window.location.href).searchParams.get("code")) {
await session.handleIncomingRedirect(window.location.href)
.then(results => {
console.log("Login succeeded:" + JSON.stringify(results))
console.log(JSON.stringify(session.fetch))
getSolidDataset("https://solid.carlo-hildebrandt.de/test", { fetch: session.fetch })
.then(results => console.log(JSON.stringify(results)))
.catch(err => console.log(JSON.stringify(err)))
}
)
.catch(err => console.error(JSON.stringify(err)));
}
}I tried the same procedure with two different Identity - & Resource Provider. A self-hosted NSS and the Inrupt.net server.
Expected behavior
It is expected, that the code above fetches the private resource since the client is logged in and the resource exists.
Screenshots
The code above lead to this this error:
The response message indicates, that the client is not authenticated:
Desktop (please complete the following information):
- OS: macOS (Catalina)
- Browser Chrome
- Version 85
Additional context
It is noticeable, that session.fetch is undefined. I would expect, that that should not be the case after a successful login.
Am I overlooking something obvious? Already thanks for your support!
Support for websockets with auth-command
In order to support https://github.com/solid/specification/issues/52#issuecomment-682491952, which will become mandatory in NSS version 6.0, we need to be able to send the tokens from the auth headers to the WebSocket server.
The solid-crud-tests are already doing this whenever they open a connection to a WebSocket-pubsub server.
It is my understanding that the current version of ISCAJ stores these tokens inside a closure, and so it would be impossible to send them (unless you add a simple WebSockets-pubsub client inside that closure).
Enabling components to listen to any server-side change
Need
- The Solid React components currently offer a way to listen to any changes (in addition to specific changes).
- Currently, this any is determined by subscribing to updates for every target URL of an outgoing HTTP request.
- For example, if requests are made to
http://a.com/12,http://b.com/45, then the React components will subscribe to the WebSockets running on both hosts, and trigger a refresh on any pub event.
- For example, if requests are made to
Solution in solid-auth-client
- A
requestevent is exposed, such that the React components see every request that is made with the fetcher.- Based on these URLs, a WebSocket is set up to every unique host.
Concerns with the existing solution
- solid-auth-client leaks all requests that any client-side library makes to all client-side librariess, which is a potential security issue.
Solution paths
- only expose hosts or WebSocket URLs (which are roughly equivalent; one comes from the other)
- very solution-specific though
- perhaps also a security problem
- remove the listen all functionality from the React components
- then only listening to specific resources will be supported
Remove LDFlex/Comunica-specific workarounds from the source code
Describe the bug
#121 (comment)
Steps to solve
- Does or doesn't LDflex-Comunica pass a correct
Headersobject?
Points from documentation code review
- At the beginning explain that in this case the server is a client
- Write a tutorial
- Eliminate the word “client” from the first sentence
- Move server example to 3rd example
- Add more prose about needed action
- Login and session say that a session isn’t always logged in. Sometimes it has a needed action
- Have an option for unique login
Resources return a 401 Unauthorized response
Describe the bug
Fetching any resource within my pod returns a 401 Unauthorized response
To Reproduce
- Within pod browser click on any resource to open the details panel
- Notice that it cannot fetch the details and returns a 401
Expected behavior
When I attempt to fetch a resource within my pod, I receive the resource and
Screenshots
Desktop (please complete the following information):
- OS: PopOS 20.04 (Ubuntu 20.04)
- Firefox
- 80.0 (64-bit)
This seems to have something to do with the recent switch from solid-auth-client
Spelling
two small spelling corrections (I have a branch for this but no way to push it to you).
Rename
packages/authenticator-test-server/src/opeidConfig.ts
to
packages/authenticator-test-server/src/openIdConfig.ts
and then:
diff --git a/packages/authenticator-test-server/src/openIdConfig.ts b/packages/authenticator-test-server/src/openIdConfig.ts
index 4aa3f44..cab0ccc 100644
--- a/packages/authenticator-test-server/src/openIdConfig.ts
+++ b/packages/authenticator-test-server/src/openIdConfig.ts
@@ -1,5 +1,5 @@
/**
- * Function to retieve the openid-configuration for the IDP
+ * Function to retrieve the openid-configuration for the IDP
*/
export default function getOpenIdConfig(options: { issuer: string }): Object {
return {
diff --git a/packages/authenticator-test-server/src/test-server.ts b/packages/authenticator-test-server/src/test-server.ts
index f244478..6472018 100755
--- a/packages/authenticator-test-server/src/test-server.ts
+++ b/packages/authenticator-test-server/src/test-server.ts
@@ -7,7 +7,7 @@ import cors from "cors";
import session from "express-session";
import { JWT } from "jose";
import keystore from "./keystore";
-import getOpenIdConfig from "./opeidConfig";
+import getOpenIdConfig from "./openIdConfig";
import path from "path";
import URL from "url-parse";
Build fails because ./webpack.prod.js not found
npm run build fails with Error: Cannot find module './webpack.prod.js'
Getting 401 on PUT to writable resource when logged in
Describe the bug
Using solid-client-authn (from packages/browser/browserDist/solid-client-auth.bundle.js), I can login but when I try to PUT a resource, I get a 401.
To Reproduce
This script should reproduce the error :
<html><head>
<script src="./solid-client-authn/packages/browser/browserDist/solid-client-authn.bundle.js"></script>
<script>
/* CHANGE THESE */
const idp = 'https://solidcommunity.net'
const uri = 'https://jeff-zucker.solidcommunity.net/public/test2.txt'
/* ------------ */
const session = getSession('test')
async function main() {
domAdd( `logging in to <b>${idp}</b> ...` )
let sessionInfo = await login(idp)
domAdd( `logged in as <b>${sessionInfo.webId}</b><br><br>` )
domAdd( `writing <b>${uri}</b> ...` )
let response = await session.fetch( uri, {
method:'PUT',
body:"hello world",
"content-type":"text/plain"
})
domAdd( `got status <b>${response.status}</b><br><br>` )
domAdd( `reading <b>${uri}</b>...` )
response = await session.fetch(uri)
domAdd( `got status <b>${response.status}</b>` )
domAdd( `got content <b>${await response.text()}</b><br><br>` )
}
function getSession(sessionId) {
return new solidClientAuthentication.Session(
{
clientAuthentication :
solidClientAuthentication.getClientAuthenticationWithDependencies({})
},
sessionId
);
}
async function login(idp){
const authCode = new URL(window.location.href).searchParams.get("code");
if (authCode) {
let sessionInfo = await session.handleIncomingRedirect(
new URL(window.location.href)
)
return Promise.resolve( sessionInfo )
}
else {
await session.login({
redirectUrl: new URL(window.location.href),
oidcIssuer: new URL(idp),
});
}
}
function domAdd( HTMLcontent ) {
let elm = document.createElement('DIV')
elm.innerHTML = HTMLcontent
document.body.appendChild(elm)
}
</script></head><body onload="main()"></body></html> Expected behavior
Should write the file, but gets a 401 even though it shows me as logged in.
Environment
System:
OS: Linux 5.4 Linux Mint 20 (Ulyana)
CPU: (4) x64 Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Memory: 2.24 GB / 11.61 GB
Container: Yes
Shell: 5.0.17 - /bin/bash
Binaries:
Node: 14.9.0 - ~/.nvm/versions/node/v14.9.0/bin/node
npm: 6.14.8 - ~/.nvm/versions/node/v14.9.0/bin/npm
Browsers:
Chrome: 86.0.4240.75
Firefox: 81.0
npmPackages:
@types/jest: ^26.0.13 => 26.0.13
@types/node-fetch: ^2.5.6 => 2.5.7
@typescript-eslint/eslint-plugin: ^2.34.0 => 2.34.0
@typescript-eslint/parser: ^2.34.0 => 2.34.0
eslint: ^6.1.0 => 6.8.0
eslint-config-prettier: ^6.10.0 => 6.11.0
eslint-plugin-license-header: ^0.2.0 => 0.2.0
eslint-plugin-prettier: ^3.1.4 => 3.1.4
husky: ^4.2.3 => 4.3.0
jest: ^25.1.0 => 25.5.4
lerna: ^3.22.1 => 3.22.1
license-checker: ^25.0.1 => 25.0.1
lint-staged: ^10.2.13 => 10.4.0
node-fetch: ^2.6.1 => 2.6.1
prettier: 2.1.1 => 2.1.1
rollup: ^2.26.11 => 2.28.2
rollup-plugin-typescript2: ^0.27.2 => 0.27.3
ts-jest: ^25.5.1 => 25.5.1
ts-loader: ^8.0.3 => 8.0.3
tsc-watch: ^4.2.9 => 4.2.9
typedoc: ^0.19.1 => 0.19.2
typedoc-plugin-markdown: ^3.0.7 => 3.0.7
typescript: ^3.9.7 => 3.9.7
webpack: ^4.44.1 => 4.44.1
webpack-bundle-analyzer: ^3.8.0 => 3.8.0
webpack-cli: ^3.3.12 => 3.3.12
webpack-merge: ^4.2.2 => 4.2.2
npmGlobalPackages:
esm: 3.2.25
express: 4.17.1
nodemon: 2.0.4
npm: 6.14.8
Allow strings to be passed into the Login input
Currently, only URLs are allowed to be passed for a redirect URL and an OIDC issuer (https://github.com/inrupt/solid-client-authn-js/blob/master/packages/core/src/ILoginInputOptions.ts#L28-L32).
While I agree that internally it makes sense to pass around URLs, an external interface should allow strings then error if they are not valid URLs. Additionally, this requires a "url-parse" URL, not the kind you get by default in the web browser.
No longer removes `code` and `state` from URL query
Bug description
The library used to eliminate the code and state fields in the url when it's done with them. It no longer does that.
To Reproduce
- Run the example project at https://github.com/inrupt/solid-client-authn-js/tree/master/packages/browser/examples/single/bundle
- Log In
- Observe that the URL is still
http://localhost:3001/?code=CODE&state=SESSION_ID
Expected result
The library will automatically direct to http://localhost:3001/. If the redirect URL included a query, it should simply remove the code and state fields. So if the url was http://localhost:3001/search?searchterm=dogs&code=CODE&state=SESSION_ID it should become http://localhost:3001/search?searchterm=dogs
Environment
System:
OS: macOS 10.15.7
CPU: (8) x64 Intel(R) Core(TM) i5-1038NG7 CPU @ 2.00GHz
Memory: 239.44 MB / 16.00 GB
Shell: 5.7.1 - /bin/zsh
Binaries:
Node: 14.4.0 - /usr/local/bin/node
npm: 6.14.4 - /usr/local/bin/npm
Watchman: 4.9.0 - /usr/local/bin/watchman
Browsers:
Chrome: 86.0.4240.111
Firefox: 81.0.2
Safari: 14.0
npmPackages:
@types/jest: ^26.0.13 => 26.0.15
@types/node-fetch: ^2.5.6 => 2.5.7
@typescript-eslint/eslint-plugin: ^2.34.0 => 2.34.0
@typescript-eslint/parser: ^2.34.0 => 2.34.0
eslint: ^6.1.0 => 6.8.0
eslint-config-prettier: ^6.10.0 => 6.15.0
eslint-plugin-license-header: ^0.2.0 => 0.2.0
eslint-plugin-prettier: ^3.1.4 => 3.1.4
husky: ^4.2.3 => 4.3.0
jest: ^25.1.0 => 25.5.4
lerna: ^3.22.1 => 3.22.1
lerna-audit: ^1.2.0 => 1.2.0
license-checker: ^25.0.1 => 25.0.1
lint-staged: ^10.2.13 => 10.5.0
node-fetch: ^2.6.1 => 2.6.1
prettier: 2.1.1 => 2.1.1
rollup: ^2.26.11 => 2.32.1
rollup-plugin-typescript2: ^0.28.0 => 0.28.0
ts-jest: ^25.5.1 => 25.5.1
ts-loader: ^8.0.3 => 8.0.7
tsc-watch: ^4.2.9 => 4.2.9
typedoc: ^0.19.1 => 0.19.2
typedoc-plugin-markdown: ^3.0.7 => 3.0.11
typescript: ^3.9.7 => 3.9.7
webpack: ^4.44.1 => 4.44.1
webpack-bundle-analyzer: ^3.8.0 => 3.9.0
webpack-cli: ^4.1.0 => 4.1.0
webpack-merge: ^5.2.0 => 5.2.0
npmGlobalPackages:
@inrupt/generator-solid-react: 0.7.2
@inrupt/solid-auth-fetcher: 0.0.6
expo-cli: 3.28.2
lerna: 3.22.1
npm: 6.14.4
ochat-api: 1.0.0
redis-commander: 0.7.0
static-server: 2.2.1
typescript: 3.9.5
update: 0.7.4
yo: 3.1.1
Interfaces are not exported.
You currently need to import interfaces like import ILoginOptions from "solid-auth-fetcher/dist/login/ILoginOptions.ts"
Does not stay logged in after refresh
Describe the bug
After a successful login, if you refresh the page (or you lose the auth session instance for any other reason), the application will not still be logged in.
To Reproduce
Steps to reproduce the behavior:
- Run the example at https://github.com/inrupt/solid-client-authn-js/tree/master/packages/browser/examples/single/bundle
- Log into a server.
- Refresh the page
Expected behavior
Solid-client-authn should use a refresh token to get a new key so that a user stays logged in when they refresh.
Environment
System:
OS: macOS 10.15.6
CPU: (8) x64 Intel(R) Core(TM) i5-1038NG7 CPU @ 2.00GHz
Memory: 220.08 MB / 16.00 GB
Shell: 5.7.1 - /bin/zsh
Binaries:
Node: 14.4.0 - /usr/local/bin/node
npm: 6.14.4 - /usr/local/bin/npm
Watchman: 4.9.0 - /usr/local/bin/watchman
Browsers:
Chrome: 86.0.4240.75
Firefox: 81.0
Safari: 14.0
npmPackages:
@babel/core: ^7.8.6 => 7.10.5
@babel/preset-env: ^7.8.6 => 7.10.4
@babel/preset-react: ^7.8.3 => 7.10.4
@inrupt/solid-client-authn-browser: file://../../../ => 0.2.1
babel-loader: ^8.0.6 => 8.1.0
html-loader: ^0.5.5 => 0.5.5
html-webpack-plugin: ^3.2.0 => 3.2.0
react: ^16.13.0 => 16.13.1
react-dom: ^16.13.0 => 16.13.1
regenerator-runtime: ^0.13.3 => 0.13.7
webpack: ^4.41.6 => 4.44.0
webpack-cli: ^3.3.11 => 3.3.12
webpack-dev-server: ^3.10.3 => 3.11.0
npmGlobalPackages:
@inrupt/generator-solid-react: 0.7.2
@inrupt/solid-auth-fetcher: 0.0.6
expo-cli: 3.27.4
lerna: 3.22.1
npm: 6.14.4
ochat-api: 1.0.0
redis-commander: 0.7.0
static-server: 2.2.1
typescript: 3.9.5
yo: 3.1.1
Additional context
This probably is just due to the new closure version of storage. To fix this refresh token flow should be triggered upon startup.
Use Webpack to not bundle `cross-fetch`
Considering the conversation in #174, in the browser environment cross-fetch won't be required. It should therefore not be included by the bundler to reduce the bundle size.
`npm run browser-dev` not working unless you run `npm run test` first
The first time I ran npm run browser-dev it didn't work. Then I ran npm run test, that did work (asked me to give TestCafe Browser Tools permission to record the screen and then a few more 'allow' dialogs popped up, but I'm guessing that would only be for running TestCafe).
Then I tried npm run browser-dev again, and it did work! So could it be that there's a build step that npm run browser-dev relies on to have been run first? Here's the log from the time it didn't work (you can probably reproduce this by cloning the repo in a clean directory and doing only npm i, npm run bootstrap and npm run browser-dev:
~/gh/inrupt/solid-auth-fetcher $ npm run browser-dev
> solid-authenticator-root@ browser-dev /Users/michiel/gh/inrupt/solid-auth-fetcher
> concurrently "lerna run test-server-dev --stream" "lerna run build-core-watch --stream" "lerna run browser-dev --stream"
[1] lerna notice cli v3.14.2
[2] lerna notice cli v3.14.2
[0] lerna notice cli v3.14.2
[2] lernalerna info Executing command in 1 package: "npm run build-core-watch"
[2] info Executing command in 1 package: "npm run browser-dev"
[0] lerna info Executing command in 1 package: "npm run test-server-dev"
[1] @solid/authenticator-core: > @solid/[email protected] build-core-watch /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-core
[1] @solid/authenticator-core: > tsc-watch --preserveWatchOutput -p tsconfig.build.json
[2] @solid/authenticator-browser: > @solid/[email protected] browser-dev /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser
[2] @solid/authenticator-browser: > webpack-dev-server --config webpack.config.js --env.env=dev
[0] @solid/authenticator-test-server: > @solid/[email protected] test-server-dev /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-test-server
[0] @solid/authenticator-test-server: > ts-node-dev src/test-server.ts
[1] @solid/authenticator-core: 11:00:51 AM - Starting compilation in watch mode...
[0] @solid/authenticator-test-server: Using ts-node version 8.6.2, typescript version 3.7.3
[0] @solid/authenticator-test-server: Mon, 16 Mar 2020 10:00:52 GMT body-parser deprecated undefined extended: provide extended option at src/test-server.ts:27:31
[0] @solid/authenticator-test-server: Mon, 16 Mar 2020 10:00:52 GMT express-session deprecated undefined resave option; provide resave option at src/test-server.ts:28:34
[0] @solid/authenticator-test-server: Mon, 16 Mar 2020 10:00:52 GMT express-session deprecated undefined saveUninitialized option; provide saveUninitialized option at src/test-server.ts:28:34
[0] @solid/authenticator-test-server: Test Server listening on port 9001
[2] @solid/authenticator-browser: ℹ 「wds」: Project is running at http://localhost:9000/
[2] @solid/authenticator-browser: ℹ 「wds」: webpack output is served from /
[2] @solid/authenticator-browser: ℹ 「wds」: Content not from webpack is served from /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/browserDist
[2] @solid/authenticator-browser: ✖ 「wdm」: Hash: e30b2a64753866df3775
[2] @solid/authenticator-browser: Version: webpack 4.42.0
[2] @solid/authenticator-browser: Time: 3286ms
[2] @solid/authenticator-browser: Built at: 03/16/2020 11:00:55 AM
[2] @solid/authenticator-browser: Asset Size Chunks Chunk Names
[2] @solid/authenticator-browser: index.html 1.07 KiB [emitted]
[2] @solid/authenticator-browser: solid-authenticator.bundle.js 7.49 MiB main [emitted] main
[2] @solid/authenticator-browser: Entrypoint main = solid-authenticator.bundle.js
[2] @solid/authenticator-browser: [0] multi (webpack)-dev-server/client?http://localhost:9000 ./src/index.browser.ts 40 bytes {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/ansi-html/index.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/ansi-html/index.js 4.16 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/ansi-regex/index.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/ansi-regex/index.js 135 bytes {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/strip-ansi/index.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/strip-ansi/index.js 161 bytes {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/url-parse/index.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/url-parse/index.js 12.4 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/index.js?http://localhost:9000] (webpack)-dev-server/client?http://localhost:9000 4.29 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/overlay.js] (webpack)-dev-server/client/overlay.js 3.51 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/socket.js] (webpack)-dev-server/client/socket.js 1.53 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/utils/createSocketUrl.js] (webpack)-dev-server/client/utils/createSocketUrl.js 2.91 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/utils/log.js] (webpack)-dev-server/client/utils/log.js 964 bytes {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/utils/reloadApp.js] (webpack)-dev-server/client/utils/reloadApp.js 1.59 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack-dev-server/client/utils/sendMessage.js] (webpack)-dev-server/client/utils/sendMessage.js 402 bytes {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack/hot sync ^\.\/log$] (webpack)/hot sync nonrecursive ^\.\/log$ 170 bytes {main} [built]
[2] @solid/authenticator-browser: [./src/index.browser.ts] 3.78 KiB {main} [built]
[2] @solid/authenticator-browser: [./src/index.ts] 814 bytes {main} [built] [2 errors]
[2] @solid/authenticator-browser: + 328 hidden modules
[2] @solid/authenticator-browser: ERROR in ./src/index.ts
[2] @solid/authenticator-browser: Module not found: Error: Can't resolve '@solid/authenticator-core' in '/Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src'
[2] @solid/authenticator-browser: @ ./src/index.ts 6:43-79
[2] @solid/authenticator-browser: @ ./src/index.browser.ts
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/BrowserJoseUtility.ts
[2] @solid/authenticator-browser: ./src/BrowserJoseUtility.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/BrowserJoseUtility.ts(18,26)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core/dist/authenticator/IJoseUtility'.
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts
[2] @solid/authenticator-browser: ./src/index.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts(4,31)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core'.
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts
[2] @solid/authenticator-browser: ./src/index.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts(7,27)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core/dist/authenticator/Authenticator'.
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/storage/InMemoryStorage.ts
[2] @solid/authenticator-browser: ./src/storage/InMemoryStorage.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/storage/InMemoryStorage.ts(4,22)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core/dist/authenticator/IStorage'.
[2] @solid/authenticator-browser: Child html-webpack-plugin for "index.html":
[2] @solid/authenticator-browser: 1 asset
[2] @solid/authenticator-browser: Entrypoint undefined = index.html
[2] @solid/authenticator-browser: [../../node_modules/html-webpack-plugin/lib/loader.js!./src/index.html] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/html-webpack-plugin/lib/loader.js!./src/index.html 1.23 KiB {0} [built]
[2] @solid/authenticator-browser: [../../node_modules/lodash/lodash.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/lodash/lodash.js 528 KiB {0} [built]
[2] @solid/authenticator-browser: [../../node_modules/webpack/buildin/global.js] (webpack)/buildin/global.js 472 bytes {0} [built]
[2] @solid/authenticator-browser: ℹ 「wdm」: Failed to compile.
[2] @solid/authenticator-browser: [../../node_modules/webpack/buildin/module.js] (webpack)/buildin/module.js 497 bytes {0} [built]
[1] @solid/authenticator-core: 11:00:56 AM - Found 0 errors. Watching for file changes.
[2] @solid/authenticator-browser: ℹ 「wdm」: Compiling...
[2] @solid/authenticator-browser: ✖ 「wdm」: Hash: 2bb97c6ab0f3b5aec025
[2] @solid/authenticator-browser: Version: webpack 4.42.0
[2] @solid/authenticator-browser: Time: 2045ms
[2] @solid/authenticator-browser: Built at: 03/16/2020 11:01:00 AM
[2] @solid/authenticator-browser: Asset Size Chunks Chunk Names
[2] @solid/authenticator-browser: index.html 1.07 KiB [emitted]
[2] @solid/authenticator-browser: solid-authenticator.bundle.js 8.76 MiB main [emitted] main
[2] @solid/authenticator-browser: Entrypoint main = solid-authenticator.bundle.js
[2] @solid/authenticator-browser: [../../node_modules/reflect-metadata/Reflect.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/reflect-metadata/Reflect.js 50 KiB {main} [built]
[2] @solid/authenticator-browser: [../../node_modules/tsyringe/dist/esm5/index.js] /Users/michiel/gh/inrupt/solid-auth-fetcher/node_modules/tsyringe/dist/esm5/index.js 388 bytes {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/authenticatedFetch/AggregateAuthenticatedFetcher.js] 2.44 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/authenticatedFetch/bearer/BearerAuthenticatedFetcher.js] 3.59 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/authenticatedFetch/dpop/DpopAuthenticatedFetcher.js] 6.44 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/authenticator/Authenticator.js] 7.23 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/index.js] 4.57 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/AggregateLoginHandler.js] 2.36 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/AggregateOidcHandler.js] 2.36 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/IssuerConfigFetcher.js] 9.79 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/OidcLoginHandler.js] 6.34 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/oidcHandlers/AuthorizationCodeOidcHandler.js] 3.55 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/oidcHandlers/AuthorizationCodeWithPkceOidcHandler.js] 3.61 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/oidcHandlers/ClientCredentialsOidcHandler.js] 3.55 KiB {main} [built]
[2] @solid/authenticator-browser: [../authenticator-core/dist/login/oidc/oidcHandlers/LegacyImplicitFlowOidcHandler.js] 5.94 KiB {main} [built]
[2] @solid/authenticator-browser: + 436 hidden modules
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/BrowserJoseUtility.ts
[2] @solid/authenticator-browser: ./src/BrowserJoseUtility.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/BrowserJoseUtility.ts(18,26)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core/dist/authenticator/IJoseUtility'.
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts
[2] @solid/authenticator-browser: ./src/index.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts(4,31)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core'.
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts
[2] @solid/authenticator-browser: ./src/index.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/index.ts(7,27)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core/dist/authenticator/Authenticator'.
[2] @solid/authenticator-browser: ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/storage/InMemoryStorage.ts
[2] @solid/authenticator-browser: ./src/storage/InMemoryStorage.ts
[2] @solid/authenticator-browser: [tsl] ERROR in /Users/michiel/gh/inrupt/solid-auth-fetcher/packages/authenticator-browser/src/storage/InMemoryStorage.ts(4,22)
[2] @solid/authenticator-browser: TS2307: Cannot find module '@solid/authenticator-core/dist/authenticator/IStorage'.
[2] @solid/authenticator-browser: Child html-webpack-plugin for "index.html":
[2] @solid/authenticator-browser: 1 asset
[2] @solid/authenticator-browser: Entrypoint undefined = index.html
[2] @solid/authenticator-browser: 4 modules
[2] @solid/authenticator-browser: ℹ 「wdm」: Failed to compile.Compile error when running `npm run dev-bundle`
This is the error I see when following the readme instructions up to npm run dev-bundle:
[2] ERROR in ./src/index.js
[2] Module build failed (from ./node_modules/babel-loader/lib/index.js):
[2] Error: Cannot find module '@babel/compat-data/corejs3-shipped-proposals'
[2] Require stack:
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/@babel/preset-env/lib/polyfills/corejs3/usage-plugin.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/@babel/preset-env/lib/index.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/@babel/core/lib/config/files/plugins.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/@babel/core/lib/config/files/index.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/@babel/core/lib/index.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/babel-loader/lib/index.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/loader-runner/lib/loadLoader.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/loader-runner/lib/LoaderRunner.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/webpack/lib/NormalModule.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/webpack/lib/NormalModuleFactory.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/webpack/lib/Compiler.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/webpack/lib/webpack.js
[2] - /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/webpack-dev-server/bin/webpack-dev-server.js
[2] at Function.Module._resolveFilename (internal/modules/cjs/loader.js:966:15)
[2] at Function.Module._load (internal/modules/cjs/loader.js:842:27)
[2] at Module.require (internal/modules/cjs/loader.js:1026:19)
[2] at require (internal/modules/cjs/helpers.js:72:18)
[2] at Object.<anonymous> (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/bundle/node_modules/@babel/preset-env/lib/polyfills/corejs3/usage-plugin.js:10:55)
[2] at Module._compile (internal/modules/cjs/loader.js:1138:30)
[2] at Object.Module._extensions..js (internal/modules/cjs/loader.js:1158:10)
[2] at Module.load (internal/modules/cjs/loader.js:986:32)
[2] at Function.Module._load (internal/modules/cjs/loader.js:879:14)
[2] at Module.require (internal/modules/cjs/loader.js:1026:19)
[2] Child html-webpack-plugin for "index.html":
[2] 1 asset
[2] Entrypoint undefined = ./index.html
[2] [./node_modules/html-webpack-plugin/lib/loader.js!./src/index.html] 220 bytes {0} [built]
[2] ℹ 「wdm」: Failed to compile.The browser library should automatically detect the current page for the redirect URL
In solid-auth-client, providing a redirect url was optional because in the browser, it would automatically detect the current url and use that. The same should apply for solid-client-authn-js-browser.
Update mocks to be consistent.
See comment here #29 (comment)
Review public API
Move away from hybrid flow
Currently solid-client-authn-js triggers a hybrid login flow by setting response_type=code%20id_token. Per @acoburn 's suggestion, hybrid flow should not be used.
Does not fail elegantly when token exchange doesn't work
The error given is "decoded is not defined"
Do not store the Client secret and client key in localstorage
In order to accomplish this you will need to:
- Generate a new key each session
- Use the refresh token flow to get a new access token
Support for Angular 9
Note, this is based on the popup branch. (commit 91bc153b88).
In an Angular 9 set up the following steps are needed for the library to work:
- Add this snippet to the root
package.json(reference):
"browser": {
"fs": false,
"path": false,
"os": false,
"crypto": false,
"stream": false,
"http": false,
"tls": false,
"zlib": false,
"https": false,
"net": false
}-
Update the builder code to use node's crypto (reference). In file
node_modules/@angular-devkit/build-angular/src/angular-cli-files/models/webpack-configs/browser.jsreplacenode: falsewithnode: {crypto: true, stream: true, fs: 'empty', net: 'empty'}. This can be hooked topostinstallscript. -
Set
allowSyntheticDefaultImportsin the projecttsconfig.
ERROR in node_modules/solid-auth-fetcher/dist/login/ILoginOptions.d.ts:1:8 - error TS1259: Module '"node_modules/solid-auth-fetcher/node_modules/@types/url-parse/index"' can only be default-imported using the 'allowSyntheticDefaultImports' flag
Headers typing mismatch
As shown in the conversation in #95, the Headers type defined by lib.dom.d.ts doesn't match the API specified in https://developer.mozilla.org/en-US/docs/Web/API/Headers. It seems that the node-fetch interface is closer to the spec, so a solution might be to replace the lib.dom.d.ts:Headers by node-fetch:Headers, but that would imply changing typings all over the place. Another approach is to contribute to the upstream interface.
Discuss/clarify why there needs to be an ID for a session
From #28:
localUserId is weird; not sure it belongs here. What problem are we solving?
There must be some kind of ID to identify the session. Because not all sessions are logged in, the webId cannot be used.
I'd like to take 2–3 steps back here to identify the high-level problem. (ID already being a possible solution.)
What exactly is the problem we are solving? Distinguishing multiple simultaneous sessions? What does it mean to have a session that is not logged in? Etc.
Does not bundle well with Webpack
Describe the bug
If bundled with Webpack, throws an exception when any function is called.
To Reproduce
Steps to reproduce the behavior:
- Create a simple React app with
create-react-app npm install @inrupt/solid-auth-fetcher- Add
{fetch("http://www.perdu.com/").then(response => response.text).then(data => console.log(data))}to the newly created app npm run start- the browser should display the error
TypeError: Object(...) is not a function.
Expected behavior
The functions should be available after bundling.
Request headers are overriden when using `LDflex-Comunica`
Description of the bug
When called with the following values:
"init": {
"headers": {
"_headers": {
"accept": [
"application/n-quads,application/trig;q=0.95,application/ld+json;q=0.9,application/n-triples;q=0.8,text/turtle;q=0.5,application/rdf+xml;q=0.5,application/json;q=0.45,text/n3;q=0.35,application/xml;q=0.3,text/xml;q=0.3,image/svg+xml;q=0.3,text/html;q=0.2,application/xhtml+xml;q=0.18"
]
}
}
},
"input": "https://www.w3.org/People/Berners-Lee/card"
in a NodeJS environment (using cross-fetch), solid-auth-fetcher performs a query with default Accept headers, instead of the ones specified in the init data structure.
This bug was observed while upgrading LDflex-Comunica. I'm not entirely sure the init structure above is compatible with the expected RequestInit type, namely the additional wrapping _headers seems extraneous. However, this exact same structure was processed successfully by solid-auth-client. A special case might be added to patch the issue on a short term, but if the problem comes from the data structure passed by LDflex-Comunica, then actual patch should be implemented there.
Steps to reproduce
Clone https://github.com/NSeydoux/LDflex-Comunica, run npm ci and npm run test. The tests timeout for a different reason, but the core issue is that the request isn't stubbed by PollyJS because it doesn't match the expected signature because the headers have been mangled.
Does not handle redirects well
Upon redirect, Auth Fetcher does not create a new DPoP Token
Fix the example for the script tag bundling
It's not updated for the new interface.
bundle is a 404 when running `npm run dev-script`
npm run dev-script starts a web server on port 3001, but the browser then says solid-auth-fetcher-bundle.js is a 404.
Running npm run build works around that, but then the error in the browser console is:
solid-auth-fetcher.bundle.js:144 Uncaught (in promise) Error: schema is invalid:
should have required property '.oidcIssuer',
should have required property '.webId',
should match exactly one schema in oneOf
at Object.e.default (solid-auth-fetcher.bundle.js:144)
at f.loginHelper (solid-auth-fetcher.bundle.js:205)
at f.login (solid-auth-fetcher.bundle.js:205)
at Object.e.login (solid-auth-fetcher.bundle.js:190)Set version number on localstorage
Does solid-auth-fetcher also storage data in LocalStorage?
If so, what does that data look like?
I'm asking because we had some design flaws in the storage format of solid-auth-client that made upgrading difficult, so I'd want to verify that we've made better choices here.
TypeError: JWT must be a string
- Run
npm run dev-server - browse to http://localhost:3001
- fill in http://localhost:9001/ids/jackson#me as the user's webid
- on http://localhost:9001/login log in as jackson / ItsCoolGuy&MrFunkWhyCoolGuyWhy
- you'll see an error appear:
TypeError: JWT must be a string
at Object.module.exports [as decode] (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/jose/lib/jwt/decode.js:6:11)
at /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/src/test-server.ts:77:27
at Layer.handle [as handle_request] (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/layer.js:95:5)
at next (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/layer.js:95:5)
at /Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/index.js:335:12)
at next (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express/lib/router/index.js:275:10)
at Immediate._onImmediate (/Users/michiel/gh/inrupt/solid-auth-fetcher/examples/test-helper/node_modules/express-session/index.js:495:7)onRequest is poorly considered
onRequest was added in order to match functionality with solid-auth-client. But it is a poor feature (see conversation here #57)
Security issues in the `example` code
The code featured in the examples folder triggers a GH security alert:
- acorn: examples/native/package-lock.json
- minimist: examples/native/package-lock.json
- mem: examples/native/package-lock.json
Maintaining this code manually is going to be a bit tedious. A possible approach is to add a dependabot config to include these packages in the automatic updates.
fragment identifier in openid-configuration URL?
I'm running latest master and seeing it retrieve
https://michielbdejong.inrupt.net/.well-known/openid-configuration#me
Shouldn't that be
https://michielbdejong.inrupt.net/.well-known/openid-configuration
instead?
`htu` claim is not properly constructed when there are tiple slashes in the URL.
Description of the bug
When requesting a private resource located at https://{lpd:storage}/private.ttl , the DPoP HTTP header contains the claim "htu": "null/{ldp:storage}/private.ttl". From what I can tell that null should be https. This is making the resource server respond with a 403 Forbidden.
Desktop information
- OS: OS 10.15.5
- Browser: Firefox 77.0.1
Ensure the client can be used from a Web Worker
Is your feature request related to a problem? Please describe.
We should ensure the client can be used from a Web Worker, so request-heavy code (think queries) can run in a background thread.
A problem could be that LocalStorage is not available in workers, so we'd have to proxy credential access to the main thread.
Describe the solution you'd like
- add a test with a Web Worker
- possibly fix LocalStorage to make that test work
Describe alternatives you've considered
- main thread, but that can make things sluggish
Additional context
Support for solid-auth-client's ".on" function
When trying to upgrade an existing library, I ran into a blocker. The solid/react-components library (and by extension, the React SDK) uses LiveUpdates and websockets, which under the hood uses a .on call. It seems the current fetcher does not support .on yet.
Event listener that combines login and logout
Currently, if you want to trigger a function on both login and logout, you need to register the event listeners separately. It would be more convenient to have a third event listener that triggers on both.
Bundle size is 1.01 Mib
Ultimately this would be much lower (244KiB), here is the bundle makeup:
The largest problems are:
- node-forge: a transient dependency of node-jose
- node-jose: As far as I can tell, this is tree shaken as much as possible.
- ajv: It might be possible to limit its size using ajv-cli https://www.npmjs.com/package/ajv-cli to precompile schemas.
- lodash: There's only one lodash function used in my codebase, the rest is probably transient. This could be helped by https://github.com/lodash/lodash-webpack-plugin, but it's only compatible with
babel-loaderand we're usingts-loader - eliptic: a transient dependency of node-jose for generating eliptic curves
Why do we have a separate ISessionInfo object?
When reading the docs, I saw a weird
session.info.isLoggedIn
What's the rationale for having this ghost object, instead of:
session.isLoggedIn?session.webId?session.sessionId?
The notion of info objects is not something I see in interfaces; I think it may point to a design flaw.
I also want to point out that, even if there is some need for such an info object (read-only session, maybe?), that one does not exclude the other. We could perfectly have session.isLoggedIn and other.isLoggedIn. The session.info.isLoggedIn just reads like a flaw.
Remove Expiration from the DPoP token
My mistake when I originally wrote this. DPoP tokens don't have expiration dates (https://tools.ietf.org/html/draft-fett-oauth-dpop-04#section-4.1). This line should be removed (
)Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.