Are you developing iOS or Android? Which language (Swift/ObjC, Java/Kotlin)?
1 Like
@dprat0821 I am developing in Android and using Java. Right now testing with REST API. Trying to find the authentication header type to log into the POD using REST API rather than a pop-up. If this doesnât work, i am thinking of using webpage service in android (not sure about this though). Any help on this will be greatly appreciated.
@dprat0821 Did a bit more research on this. It seems that i can use custom chrome tabs in my android app to make a user login to a solid pod. Solid uses WEBID-TLS for its primary authentication and uses a private key stored inside a security certificate received when user logged in (alternate for a bearer token). Right now i am having hard time finding out how to use this private key to write data into my solid pod. I think it might be similar to how solid based web apps communicate with the pod (which i am trying to understand now).
Thats not true anymore. WebID-OIDC is the most common auth mechanism
1 Like
Thats great. (need to update the git up spec page though - the word âcurrently implementingâ made me to come to that conclusion but good to hear that its already there.
In this case, do you know how can we send a POST request to soild pod with necessary auth information using postman?
Unfortunately I struggled with that myself but did not had the need to follow up on it further. I think webapps eventually get a cookie they use, not sure if JWT or similar is possible as well, but would be interessted myself if someone has a definite answer on that
@moisesj what version of solid are you using? have you tried 5.2.2? It expects an URI extracted from that token.
You can use âHTTPâ send request,
For example:
Provider is âsolid.communityâ, username is âtestâ, password is âtestâ,
Login Url: https://solid.community/login/password
Http Request Method: POST
Content-Type: application/x-www-form-urlencoded
Data: username=test&password=test
Send âHTTP Requestâ using the above key data,
If username and password are verified, You can find âSet-Cookieâ in the response header,
Itâs like ânssidp.sid = s% 3Av7FcWSRdQkMw-1X5LGGVWIxyJr42HKB7.9% 2Bdp9dxJyB9T7sjipLxkYKKeimyf% 2BUkdpPVZ% 2BSm6ndM; Domain = .solid.community; Path = / On; 28; Expires; 20â
If username or password verification fails, âSet-Cookieâ does not exist in the Response Header.
And then, you can add cookies to âHttp Request Headerâ and do what you want.
I think this way is easier, but it may not be safe.
2 Likes
Hi Leoudayan
Just noticed your post.
In case you are still interested in developing a mobile app, I experimented a couple of years ago in iOS using Swift.
This app uses the javascript rdflib.js library for reading data:
https://github.com/wrmack/RDF-iOS
Authentication is much more difficult. Native apps use a different flow control to browsers. Reading the relevant RFCs was helpful. I copied from an iOS OIDC library to experiment with retrieving tokens here:
https://github.com/wrmack/Get-tokens
This is a profile browser which combines authentication and data manipulation:
https://github.com/wrmack/Profile-browser
In iOS I used the Clean Swift design pattern (view controller-interactor-presenter-router). The grunty stuff is in the interactors.
I am intending to revisit these shortly using the new SwiftUI framework.
2 Likes
Thanks, wrmack â Iâm thinking about adding use of Solid to my existing Swift iOS app. Iâm going to look into what you have posted.
1 Like