I’m working on a localFirst /offline App with backend on Solid
https://scenaristeur.github.io/verse/
code GitHub - scenaristeur/verse
with jsonld in indexeddb verse/idb-nodes.js at main · scenaristeur/verse · GitHub
but i’ve got a question about the Solid login :
if the app go offline, should’nt be the user logged out automatically ?
Shouldn’t @inrupt auth library detect when the app is offline without the need of refreshing the page ? and say “the user is not connected to the POD” ?
There are serious problems with the Inrupt library logout. It does not log you out from the IDP, only from the app. See Login button visible with private resource using nss #78 · Issue #78 · solid/solidos · GitHub.
Offline detection is notoriously difficult (as in, there’s a native in-browser API that does it, but it’s pretty unreliable by necessity). The auth library only indicates whether you have credentials that should be valid when you try to communicate with a Pod, not whether there’s an actual live connection.
As for not logging out from the IDP: IMO that’s expected behaviour. For example, if you use “Sign in with Google” or “Sign in with GitHub” to log in to this forum, you wouldn’t want to be signed out of Google or GitHub after you signed out from this forum either.
As for not logging out from the IDP: IMO that’s expected behaviour.
Perhaps it is acceptable behavior if there is a way to log out. I can got to google and logout. Also google has methods to have more than one account so I can either logout of account1 and then login to account2 or stay logged in to both. None of those things are possible with the Inrupt authn., I can not open WebId-A, logout and open WebId-B (from the same IDP) and I will never be able to until there is an auth library that impacts the IDP login.
That’s up to your identity provider to provide! While you can go to Google to log out, what you can’t do is log out of your Google account from this forum’s interface. Likewise, an arbitrary Solid app can’t log you out of your identity provider, but if you go to your identity provider, it could allow you to sign out and/or manage multiple accounts. The auth library can’t force that to happen though; that has to be done by the identity provider itself.
That’s up to your identity provider to provide!
Yes, and no. AFAIK (which isn’t very far) there are specs defining a /.well-known/logout endpoint. I am not sure which if any IdPs provide it. I am fairly sure Inrupt’s auth client doesn’t provide any method to communicate with such endpoints if they exist.
I think that the problem that @jeffz say and that I’ve faced too is that the user is not really logout, and the prompt for choosing another webid should be accessible after logout.
I f I logout I should be able to choose another webid to login. The matter is that the old webid is still somewhere and we can’t switch to another. Should I clean something in localstorage to be able to use another webid ?
@Smag0 - no, cleaning localStorage or cookies is not the issue. The issue is that there is a record of your login at the IdP and that is what remains after logout, not the local stuff.
You are not ok with the solution but I think you are for the matter.
I think this is a security issue.
If I logout, this is not normal that the session is restored. Let’s say that I left the room and the computer is used by another person. That person can accès my data with no ask for webid.
I agree with you, it is a security problem. It also causes very confusing situations for SolidOS where you are logged out of some things but not others. I’m not sure what you mean by “You are not ok with the solution but I think you are for the matter.”
My dumb solution : cleaning localstorage
Our matter: user are not properly logged out
Ah, got it. Yes. And not so dumb, it was the first thing I tired too :-),
I talked about a similar topic a while ago, you may find this useful: https://forum.solidproject.org/t/authenticating-offline-first-solid-apps
As others mentioned, it’s not easy to know if a user is online or not. I like how Jake Archibald explains it in this presentation when he refers to this as Lie-fi.
But I think the issue with being offline is not about logging out, is it? If you’re offline, I see no reason why the authentication library wouldn’t be able to log out. After all, the library doesn’t store the token anywhere and requests it again after every refresh. So any data that the library is storing should be removable without an internet connection. This would be a different story if upon logging out you wanted to log out from the identity provider as well, but with the current implementation that’s not possible anyways (as Jeff mentioned).
@jeffz to logout my app , i have to got to solidcommunity.net, then login and logout. And then i can login with another webid .
@Vincent is this the behaviour that you that is expected as i’ve understand ?
If you’re offline, I see no reason why the authentication library wouldn’t be able to log out. After all, the library doesn’t store the token anywhere and requests it again after every refresh. So any data that the library is storing should be removable without an internet connection.
It could, but I don’t think you’d want to be disconnected from your Pod if your train drives through a tunnel 
Sort of, although solidcommunity.net could make that process easier by also allowing you to switch accounts as you connect your app to it.
no because the login window does not appear after a logout from my app. when i come back and choose the same provider, the user is automagically logged in and i can’t choose another one.
Only a logout on solidcommunity.net can really logout and show the windo to choose the new webid.
Yes, that’s the current behaviour. What I’m saying is that solidcommunity.net could show you an account picker there.
i would like to switch user without going to solidcommunity but only from my app… is it possible ?
or that if someone use the device after me , my user is not automatically connected if i have choose to logout
No, only if your user’s Solid Identity Provider supports that (by just sending them back to it). Which in the case of solidcommunity.net is not the case.
ok, so this is a solidcommunity issue . Thxs