Invalid client credentials with inrupt App Registration

Hello all,

I am following along with this tutorial: Authenticate (Node.js: Single-User App) — Inrupt JavaScript Client Libraries

I have statically registered my app at and included the client secret and client id in a .env file, and they are importing correctly. However, when I try to authenticate using them I am met with the error invalid client (Invalid client credentials)

I have copied the code exactly as described, so is the tutorial outdated? If so, what do I need to do in order to enable this app?

Thank you in advance

It looks like our documentation there is using a different URL to the one you’d want; if you login at, then that’s the issuer you’ll want to use, not (a newer environment we’re still releasing)

1 Like


I tried using and that seemed to send a response, where I was receiving the issue using, though you and your teams would know more about that than me. Thanks for the help!

I will say though that there is still an issue - using allows the request to go through, but the session’s webId is, which throws an error when trying to write with authentication to pods that are hosted on I figure I need to be using but the earlier invalid credentials error is still persisting.

So you’ve created a client at and when you session.login you’re passing oidcIssuer of If so, that should work.

That said, is different, but does use the same users database, so the user logins work on both, but clients are tied to a specific instance.


Using it says my webID is hosted at and the oidcIssuer is - however I recall my webid being…/profile/card#me. Has something changed with my pod?

I know this can be confusing, so bear with me: on one hand, you have the identity provider, where you enter your login/password, and on the other, you have the Solid-OIDC Providers, which makes it so that applications may know your WebID and access your data on your Pod. These two may be one and the same, as they are in CSS/NSS, but they also can very well be separate services, which is the case for ESS.

What @ThisIsMissEm is saying is that both and, which are two different Solid-OIDC Providers, communicate with the same underlying Identity Provider, which means you will successfully log in with the same username/password for both Solid-OIDC Providers (because the username/password is managed by the underlying Identity Provider, which is unique in this case).

However, each Solid-OIDC Provider ties in a different set of services, which explains the discrepancies you’re observing:

So to summarize, if you want to work with your pre-existing Pod at<username>/, using your WebID looking like<username>/profile/card#me, you’ll want to log in to, and to register your static client at Application Registration.

Does that help?