Are you developing iOS or Android? Which language (Swift/ObjC, Java/Kotlin)?
@dprat0821 I am developing in Android and using Java. Right now testing with REST API. Trying to find the authentication header type to log into the POD using REST API rather than a pop-up. If this doesn’t work, i am thinking of using webpage service in android (not sure about this though). Any help on this will be greatly appreciated.
@dprat0821 Did a bit more research on this. It seems that i can use custom chrome tabs in my android app to make a user login to a solid pod. Solid uses WEBID-TLS for its primary authentication and uses a private key stored inside a security certificate received when user logged in (alternate for a bearer token). Right now i am having hard time finding out how to use this private key to write data into my solid pod. I think it might be similar to how solid based web apps communicate with the pod (which i am trying to understand now).
Thats not true anymore. WebID-OIDC is the most common auth mechanism
Thats great. (need to update the git up spec page though - the word “currently implementing” made me to come to that conclusion but good to hear that its already there.
In this case, do you know how can we send a POST request to soild pod with necessary auth information using postman?
Unfortunately I struggled with that myself but did not had the need to follow up on it further. I think webapps eventually get a cookie they use, not sure if JWT or similar is possible as well, but would be interessted myself if someone has a definite answer on that
@moisesj what version of solid are you using? have you tried 5.2.2? It expects an URI extracted from that token.
You can use ‘HTTP’ send request,
Provider is ‘solid.community’, username is ‘test’, password is ‘test’,
Login Url: https://solid.community/login/password Http Request Method: POST Content-Type: application/x-www-form-urlencoded Data: username=test&password=test
Send ‘HTTP Request’ using the above key data,
If username and password are verified, You can find ‘Set-Cookie’ in the response header,
It’s like ‘nssidp.sid = s% 3Av7FcWSRdQkMw-1X5LGGVWIxyJr42HKB7.9% 2Bdp9dxJyB9T7sjipLxkYKKeimyf% 2BUkdpPVZ% 2BSm6ndM; Domain = .solid.community; Path = / On; 28; Expires; 20’
If username or password verification fails, ‘Set-Cookie’ does not exist in the Response Header.
And then, you can add cookies to ‘Http Request Header’ and do what you want.
I think this way is easier, but it may not be safe.