403 dummy error


I have 403 (User Unauthorized) errors I don’t understand:

Using an app I deployed on http://localhost:3000/
on which I am authenticated as user1.solid.community
I try to update files of user2.solid.community

user2.solid.community trusted app includes http://localhost:3000 (and also http://localhost:3000/ and also user1.solid.community), all having all privileges.

I however get the 403 error.

Something wrong, where?

Could you perhaps share the contents of https://okitwo.solid.community/public/shoutbox/note1578150875.ttl.acl?

As something to try in the meantime, although I’m not too familiar with the trustedApp spec, reading through it I think user1.solid.community might be the one who’d need to add localhost:3000 as a trustedApp to their profile, rather than user2? Which would make sense, since there’s really no way for the client to know to look in user2’s profile given just the information provided by that resource.

(Since the Pod needn’t necessarily be on the same domain, you can get to a Document in user2’s Pod from their profile, but you can’t get to their profile from that Document unless it explicitly links back to it.)

I answer me in case other dummies come around here:
Adding apps in the list of trusted apps authorize them to enter the server.
Then they will have to pass security control to enter each folder. Setup of those gates is done using the padlock you see close to the name of the folder.