I have statically registered my app at broker.pod.inrupt.com and included the client secret and client id in a .env file, and they are importing correctly. However, when I try to authenticate using them I am met with the error invalid client (Invalid client credentials)
I have copied the code exactly as described, so is the tutorial outdated? If so, what do I need to do in order to enable this app?
It looks like our documentation there is using a different URL to the one you’d want; if you login at broker.pod.inrupt.com, then that’s the issuer you’ll want to use, not login.inrupt.com (a newer environment we’re still releasing)
I tried using login.inrupt.com and that seemed to send a response, where I was receiving the issue using broker.pod.inrupt.com, though you and your teams would know more about that than me. Thanks for the help!
I will say though that there is still an issue - using login.inrupt.com allows the request to go through, but the session’s webId is id.inrupt.com, which throws an error when trying to write with authentication to pods that are hosted on pod.inrupt.com. I figure I need to be using broker.pod.inrupt.com but the earlier invalid credentials error is still persisting.
So you’ve created a client at broker.pod.inrupt.com and when you session.login you’re passing oidcIssuer of https://broker.pod.inrupt.com? If so, that should work.
That said, login.inrupt.com is different, but does use the same users database, so the user logins work on both, but clients are tied to a specific instance.
I know this can be confusing, so bear with me: on one hand, you have the identity provider, where you enter your login/password, and on the other, you have the Solid-OIDC Providers, which makes it so that applications may know your WebID and access your data on your Pod. These two may be one and the same, as they are in CSS/NSS, but they also can very well be separate services, which is the case for ESS.
What @ThisIsMissEm is saying is that both http://broker.pod.inrupt.com/ and http://login.inrupt.com/, which are two different Solid-OIDC Providers, communicate with the same underlying Identity Provider, which means you will successfully log in with the same username/password for both Solid-OIDC Providers (because the username/password is managed by the underlying Identity Provider, which is unique in this case).
However, each Solid-OIDC Provider ties in a different set of services, which explains the discrepancies you’re observing:
login.inrupt.com will associate your user account to a WebID hosted on id.inrupt.com, and to a Pod hosted on storage.inrupt.com. That’s the latest version of ESS, which is still in early access.
broker.pod.inrupt.com will associate your user account to a WebID hosted on your Pod, under pod.inrupt.com. That’s the stable deployment of Pod Spaces, based on a legacy version of ESS.
So to summarize, if you want to work with your pre-existing Pod at https://pod.inrupt.com/<username>/, using your WebID looking like https://pod.inrupt.com/<username>/profile/card#me, you’ll want to log in to broker.pod.inrupt.com, and to register your static client at Application Registration.