Accessing SOLID pod from a mobile application


Are you developing iOS or Android? Which language (Swift/ObjC, Java/Kotlin)?


@dprat0821 I am developing in Android and using Java. Right now testing with REST API. Trying to find the authentication header type to log into the POD using REST API rather than a pop-up. If this doesn’t work, i am thinking of using webpage service in android (not sure about this though). Any help on this will be greatly appreciated.


@dprat0821 Did a bit more research on this. It seems that i can use custom chrome tabs in my android app to make a user login to a solid pod. Solid uses WEBID-TLS for its primary authentication and uses a private key stored inside a security certificate received when user logged in (alternate for a bearer token). Right now i am having hard time finding out how to use this private key to write data into my solid pod. I think it might be similar to how solid based web apps communicate with the pod (which i am trying to understand now).


Thats not true anymore. WebID-OIDC is the most common auth mechanism


Thats great. (need to update the git up spec page though - the word “currently implementing” made me to come to that conclusion but good to hear that its already there.

In this case, do you know how can we send a POST request to soild pod with necessary auth information using postman?


Unfortunately I struggled with that myself but did not had the need to follow up on it further. I think webapps eventually get a cookie they use, not sure if JWT or similar is possible as well, but would be interessted myself if someone has a definite answer on that


@moisesj what version of solid are you using? have you tried 5.2.2? It expects an URI extracted from that token.


You can use ‘HTTP’ send request,
For example:
Provider is ‘’, username is ‘test’, password is ‘test’,

Login Url:
Http Request Method: POST
Content-Type: application/x-www-form-urlencoded
Data: username=test&password=test

Send ‘HTTP Request’ using the above key data,

If username and password are verified, You can find ‘Set-Cookie’ in the response header,
It’s like ‘nssidp.sid = s% 3Av7FcWSRdQkMw-1X5LGGVWIxyJr42HKB7.9% 2Bdp9dxJyB9T7sjipLxkYKKeimyf% 2BUkdpPVZ% 2BSm6ndM; Domain =; Path = / On; 28; Expires; 20’

If username or password verification fails, ‘Set-Cookie’ does not exist in the Response Header.

And then, you can add cookies to ‘Http Request Header’ and do what you want.

I think this way is easier, but it may not be safe.