Implementation of Webid-OIDC in Guile

Dear all,

I am working to bring Solid to the GNU Guile programming language. I have finished the main parts of the webid-oidc authentication scheme.

I will now focus on the Web Access Control and Linked Data Platform parts.

I think Solid is a great opportunity to build user-respecting free software because, since it allows independent applications to be interoperable, it is easier to replace a proprietary application with a free one (see What is free software? - GNU Project - Free Software Foundation). With its emphasis on linked data, it is also possible to steer away from misusing a web browser (see The JavaScript Trap).

(I know that the latter opinion is not widely shared among Solid developers, but it is important to me)

4 Likes

The source code is available on my private server, webid-oidc.git - Implementation in guile of the Solid webid-oidc spec.
It is somewhat documented, https://webid-oidc.planete-kraus.eu/

Lovely to behold a new language implementation and that following a true GPL-licensed FOSS approach :partying_face: Congratulations on the project, and thank you.

1 Like

Great initiative and progress @vkraus! You should probably check out the latest draft of the authentication protocol - solid-oidc, which supersedes webid-oidc.

Anytime you need, you can check out Solid Technical Reports for a current listing of specs in the ecosystem.

1 Like

Thank you. I am aware that the standards are moving; I keep an eye on both this document and DPoP. I named the project when the protocol was called webid-oidc, and even if some things changed (the webid field of the ID / access token, or the client identifier, for instance), the spirit is the same. If I get a chance, I will rename it.

1 Like

Dear Solid community,

Today I finished the essential features of my server. There are known shortcomings:

  • no json-ld support (only Turtle is considered RDF);
  • no LD-PATCH support;
  • no websocket pubsub API (although, if I understand correctly, the standardization is not yet done for that part);
  • no TLS for the server, and the server is only HTTP/1.1 (it is intended to be run behind a reverse proxy).

I have not deployed it yet, because I first need to develop the client application so that I can dismiss inbox notifications before I get overwhelmed by spam. When it is done, I will put a test POD online so as to test, debug and fix the myriad of embarrassing errors that I surely made.

In the meantime, if you feel curious, you can run the buggy server. I even packaged it in a docker image:

docker run --rm -it docker.io/vivienkraus/webid-oidc webid-oidc -h

For the full server, you would run the following command inside the container:

webid-oidc server --port 8080 --server-name 'https://data.provider.com' --key-file 'key.jwk' --subject 'https://data.provider.com/profile/card#me' --password "hello" --jwks-uri 'https://data.provider.com/keys' --authorization-endpoint-uri 'https://data.provider.com/authorize' --token-endpoint-uri 'https://data.provider.com/token'

Obviously, you would change the ‘https://data.provider.com/’ prefix, and the password for the identity provider, and expose port 8080.

Stay tuned, for I will deploy it on my server as soon as I can!

1 Like