Login from local website

Is it possible to login from a local website (e.g. file:///path/to/index.html)?

I’ve tried it via the popup (solidAuth.popupLogin({ popupUri: 'https://solid.community/common/popup.html' })), yet this doesn’t work if tested with a file:/// path (localhost and on server do). The errors I get in the console are:
Could not deserialize data: undefined popup.html:24:121155
DOMException: “An invalid or illegal string was specified” popup.html:24:121201

Is this disabled due to a security concern, or just not implemented/a bug?

1 Like

I also tried to use a local popup.html file in my client running locally with http-server on Node (also running a server locally to connect to). The popup opens, but when I try to login with my local pod, it returns the error: {"error":"invalid_request","error_description":"Mismatching redirect uri"}. However, when I use a popup that is hosted somewhere, for example: popup.html, the login works fine.

It seems like a security concern to me. I’m interested in running everything locally, so I’m definitely interested in an answer to this.

Hi !

Using the browser to explicitly access local files (file://path/to/file), as opposed to accessing local files served by a local HTTP server (running on http://localhost), comes with restrictions, and I expect many libraries won’t work in the former context, while they would in the latter.

All of the Solid protocol being deeply tied to HTTP, serving pieces of the architecture (Pod, Identity Provider, potentially the app) over HTTP is a requirement you won’t be able to work around I’m afraid. However, there’s no reason why you shouldn’t be able to run everything locally, provided that you configure your local HTTP server to serve your static popup file. I usually default to serve - npm when I want to locally serve files on my filesystem, and I’m sure there is a number of utilities out there providing similar features if this one doesn’t suit you for some reason.

Finally, just to be sure I’m clear on what you want to do, your client runs server-side, and you want to use a popup to authenticate, is that right ? I’m not 100% sure how the code running in the popup is configured, but I assume you’re using solid-auth-client, is that correct ? If so, I’m not entirely convinced that it can run in Node, it may need to run in a browser application (but don’t take my word for it, I’m not very familiar with this particular library). It also has some known security issues. If I understood your use case correctly, and you do want to run a Node HTTP server that serves a client application, you may be interested in GitHub - inrupt/solid-client-authn-js: A client library for authenticating with Solid, and in particular in @inrupt/solid-client-authn-node. Some doc is available at Authenticate — Inrupt JavaScript Client Libraries. Note that the popup feature isn’t supported in that library, so your users will be redirected to their Identity Provider (as it is the case in most OIDC applications, when you “Log in with…”

I hope this helps, but do let me know if I missed something of your use case :slight_smile:

Thanks for you extensive answer!

That makes sense, I think I confused some things, I run the client in the browser. The pop-up file I use is this one: popup.html which is packed with a bundle of scripts and is used in combination with solid-auth-client.

So I’m running the client in a browser application and the popup works if I use this:
const popupUri = 'https://melvincarvalho.github.io/helloworld/popup.html';
$('#login').click(() => solid.auth.popupLogin({ popupUri }));

However, when I try to run it locally I can still open the popup and see the login screen:
const popupUri = '../popup.html';
$('#login').click(() => solid.auth.popupLogin({ popupUri }));

But after logging in I get the following error in the popup screen:
{"error":"invalid_request","error_description":"Mismatching redirect uri"}

I will first check the serve package and otherwise the @inrupt/solid-client-authn-node.

Thanks again!