Authentication/Solid-OIDC implementation, in Python, and beyond?

I’m writing an application for Solid in Python. Specifically, this is a FUSE implementation for accessing resources in Solid Pods. The reason for not using JS is obvious: for system programming (e.g. FUSE), JS is not a good choice and lacks a lot of libraries.

I do manage to implement something (repo here), but there is an issue for using it for wider contexts: the library I depend on only supports NSS.

After further investigation, it seems this is because of the lack of implementation of Solid-OIDC in Python (discussion).
I also looked at the list of libraries from solid project website, particularly the part about libraries in languages other than JS. For Python, they are all discussed in the reference above.

So, does anyone know a Python library that does the job?
How about the case in other languages that are normally considered suitable for system programming (e.g. C/C++, Golang, Rust, etc.)?

And related, what was people’s experience in implementing Solid-OIDC? I mean, is it hard or complex (time-consuming) to implement?
I’m totally naive to this topic, and merely know what OIDC is and its general flow. I also have roughly no idea what is the difference between normal OIDC and Solid-OIDC.
(I did try to read the Solid-OIDC Primer, in the hope to understand how to improve the implementation; but I only got confused by almost everything.)

1 Like

This is a new server written in Rust: GitHub - manomayam/manas: Manas project aims to create a modular framework and ecosystem to create robust storage servers adhering to Solid protocol in rust.

1 Like

You could try my solid-oidc-client · PyPI library. For proof-of-concept projects I think it’s enough. For more than proof of concepts you likely would need to modify it.

There’s also this one using static client credentials (but if possible, I think you should stick to Solid-OIDC):

1 Like

Hi there!
Good to see the author alive :stuck_out_tongue:
I did have a look at solid-oidc-client, as you have linked it in the discussion in that PR. However, as you mentioned in the README, the refreshing of expired tokens is a missing feature. That poses problems for my use case, as a filesystem is expected to run somewhat forever…

And if I understand correctly, this library requires the user to manually log in from a browser? I see this is a result of using OIDC. But from that perspective, maybe client credentials is a better choice…?

Thanks Jeff… Good to see alternative Solid server implementations in other languages. But that’s… server ;( I presume the OIDC procedure for client and server are different.

Hi, I’ve always been alive :slight_smile:
Just not having the time (and sometimes motivation) to finish all my projects.

Yes, it does not refresh tokens, that would still have to be implemented. I don’t know what the expiration time is for the different servers (if it’s minutes, hours or days), so it indeed could be an issue for practical usage. You would probably also need to use a different storage rather than MemStore, so that the keys are not lost on a restart.

Afaik, Solid-OIDC requires an interactive login. At least I’ve interpreted step 6 of the Primer like this.

I think it would be fine to let the user once open a URL to log in, they will need to authenticate in one or another way. With client credentials, I think it would be easier to get started as the library is more robust (with token refreshing iirc), but the way you obtain the credentials depends on the identification provider, which is likely a worse UX.

1 Like

The other project you’ve mentioned (GitHub - trompamusic/solid-oidc-app-permission: A utility for performing solid Web Application Authentication) also implements Solid-OIDC from a client perspective (for this aspect, the Python server acts like a client for the Solid-OIDC protocol). I didn’t look much into it, but most of the relevant code seems to be here:

1 Like

Yes that’s true. Maybe I could do something like other desktop applications supporting OIDC (e.g. Thunderbird), to store the credential permanently.

Actually the better UX is to standardize client credentials, so servers all have a way to generate them. But surely that’s out of the capacity of me, and requires a long time…

1 Like
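
An added example, not part of any post above and not code from solid-oidc-client: a file-backed session store for a long-running client, covering the two points raised in the thread (keys lost on restart with an in-memory store, and tokens that expire). The names `FileStore` and `needs_refresh`, the `expires_at` field and the JSON layout are assumptions; the library's real store interface may differ, and a POSIX system is assumed.

```python
import json
import os
import stat
import tempfile
import time


class FileStore:
    """Keeps session state (client keys, tokens) on disk across restarts."""

    def __init__(self, path):
        self.path = os.path.abspath(path)

    def save(self, state):
        # mkstemp creates the file with mode 0600, so secrets are never
        # readable by other local users, even briefly.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path), prefix=".session-")
        try:
            with os.fdopen(fd, "w") as f:
                json.dump(state, f)
                f.flush()
                os.fsync(f.fileno())
            # Atomic rename: a crash leaves the old or the new file, never half.
            os.replace(tmp, self.path)
        except BaseException:
            os.unlink(tmp)
            raise

    def load(self):
        try:
            f = open(self.path)
        except FileNotFoundError:
            return None  # first run: caller must do the interactive login
        with f:
            st = os.fstat(f.fileno())  # check the opened file, not the path
            if st.st_uid != os.getuid() or st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise PermissionError(f"{self.path}: must be owned by you with mode 0600")
            return json.load(f)


def needs_refresh(state, now=None, skew=60):
    """True if there is no token or it expires within `skew` seconds."""
    now = time.time() if now is None else now
    return state is None or state.get("expires_at", 0) - skew <= now
```

On a desktop system an OS keyring is an alternative to a plain file; the permission check in `load` is what keeps a file written or loosened by someone else from being trusted.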