I am writing an App that is written in Scala. As far as I am aware there are no tools available for authenticating a user that are not browser based? I am guessing I could use the Apache Jena library for manipulating the RDF but I have no idea how I would go about authenticating the solid user first?
Solid-auth-cli provides nodejs/console-based persistent login. It has the same interface as solid-auth-client, but works outside the browser. Currently there is no standard way for a server to communicate login details, so this library uses specific code (in the solid-cli package) to mimic a browser in its interaction with NSS and will need modification when other servers come online.
Hi, can you give more detail about your app? Is it a server app or a browser app? I have written a prototype app in Scala.js which uses solid-auth-client and the other Solid JS libs through the interoperability with JavaScript, this is possible nowadays.
But anyone installing my (Scala) Desktop App would also have to install nodejs so it could use solid-auth-cli?
And what if I wanted to port my app to mobile devices such as Android?
Yes, it’s true, there is currently AFAIK, no login to Solid without nodejs or a browser, but to say that you “can not use Solid in a Desktop app” in general is a not correct both because it is quite possible with some toolsets and because even where login is not possible, one can still have a Solid desktop app that accesses public information.
You might try doing what solid-cli does - mimic a browser and submit the data that would be submitted in a browser form.
It can be done, but it will be hacky and not applicable to any future Solid servers. You could start by looking at the code in solid-cli or by seeing what a login form sends to the server and recreating that with a REST request outside the server.
I’ll be glad and appreciate to hear about any progress with a login library for Scala/Java. I think it is also important for Android apps for example.
There are several issues regarding WebId-OIDC in the specification drafting section on github, so I’d guess that this will be (or already is?) the standard used. There’s also a webid-oidc-spec repository, but I don’t know if it is up to date. If you want to know more about it, these two repositories are probably a good starting point. But I also want to point out, that most of my info is just from searching things up, so I may be completely wrong :))
I am not speaking about the web-id-oidc spec. I am talking about what endpoint on the server receives the login information and what the communication with the endpoint looks like. AFAIK, there is no standard for those kinds of things.
Ok, I see. I’ve also found that now (which I guess is still the current status):
The exact mechanism used to sign in is up to the provider, and all of the usual choices apply (WebID-TLS browser-side certificates, username and password, hardware-based FIDO 2/WebAuthentication devices, federated sign-in with the likes of Github/Facebook/Google and so on).
You said its possible to use Solid with some toolsets. Is there a way I could use something like the Apache Jena library to manipulate RDF data once I have authenticated using the solid-auth-cli? Or is there another option?