My Python Authentication Nightmare Continues

A few years ago, with @jeffz's help, I got a successful login using the Anvilworks Python environment.

For whatever reason I stopped working on the project and focussed on larger corporate knowledge graphs in RDF.

Recently, I was asked to give a detailed update on the Solid initiative at my firm. It seemed that some things had moved forward, so I set my mind to trying again. I took a new login at Inrupt ESS and tried to follow the directions given in the OIDC-Primer. Needless to say, things are not looking good using this approach.

I like to understand how things work before I commit to library solutions. I have made some progress and seem to be failing on the last hurdle. In this repo, I use the ‘pyoidc’ library for the main authentication; it seems to give an auth code and state (end of step 11).

However, after forming the DPoP, I get back “invalid client credentials”.

ESS do not recommend dynamic client registration, which ‘pyoidc’ seems to use. I also don’t understand the relationship between the client’s id document and the client_id from the manual registration process, and the role of the WebIDs of the primary user of the app and any other users who might have authorised access (say for photo sharing).

I really feel that I am not alone in this sea of confusion around the auth process, which is the centrepiece of solid. After all, at heart it is a webserver with OIDC for security. The complexity is a real impediment to adoption.

Any help that can be offered to get me to understand it and then trust either my own or other libraries will be greatly welcome. I am focussing on Python because my javascript skills are not great and in reality to be viable we can’t rely on a single technical stack. It should be able to work with native apps, jupyter notebooks, even curl!

Hey Simon

I’ve created a proof-of-concept oidc authentication for python two weeks ago, you can find it here: solid-oidc-client · PyPI. It still lacks some stuff (I think most importantly handling refreshing of tokens), but at least it’s a good starting point. You can find the source code on github.

For this you likely need to include a basic auth with (client_id, client_secret) in the request. This wasn’t clear to me either, so I’ve created this issue for the Primer (also solid-flask had the same issue). Here is the corresponding code of it (note the auth=(self.client_id, self.client_secret)):
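The token request described in the reply above, as an added example (not the code from that post or from solid-oidc-client): it builds the authorization-code token request with `client_secret_basic` authentication and a DPoP header, using only the standard library. The endpoint, credentials and the `dpop_proof` string are constructed placeholders, and creating and signing the proof JWT is assumed to happen elsewhere.

```python
import base64
from urllib.parse import quote_plus, urlencode
from urllib.request import Request


def basic_client_auth(client_id: str, client_secret: str) -> str:
    """client_secret_basic per RFC 6749 section 2.3.1.

    Each part is form-urlencoded first, so a ':' or '+' inside the
    secret cannot be misread by the server when it splits 'id:secret'.
    """
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def build_token_request(token_endpoint: str, client_id: str, client_secret: str,
                        code: str, code_verifier: str, redirect_uri: str,
                        dpop_proof: str) -> Request:
    """Build (but do not send) the authorization_code token request."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,                    # from the redirect back to the app
        "code_verifier": code_verifier,  # PKCE verifier matching the challenge
        "redirect_uri": redirect_uri,    # must equal the one used at /authorize
    }).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        # Client authentication travels in the header, not in the form body.
        "Authorization": basic_client_auth(client_id, client_secret),
        # Proof JWT bound to this method and URL (htm=POST, htu=token_endpoint).
        "DPoP": dpop_proof,
    }
    return Request(token_endpoint, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # All values below are constructed for illustration.
    req = build_token_request(
        token_endpoint="https://idp.example/token",
        client_id="0a1b2c-constructed",
        client_secret="p@ss:w/rd+1",
        code="constructed-auth-code",
        code_verifier="constructed-pkce-verifier",
        redirect_uri="http://localhost:8000/callback",
        dpop_proof="constructed.dpop.jwt",
    )
    for name, value in req.header_items():
        print(f"{name}: {value}")
    print(req.data.decode("ascii"))
```

Passing the returned object to `urllib.request.urlopen` sends it. A server that answers "invalid client credentials" to a request shaped like this is rejecting the `client_id`/`client_secret` pair itself rather than the DPoP proof.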

FYI, the link is dead or private.

I wonder if you can get any useful inspiration from GitHub - qxf2/sample-python-solid-app: A sample Python Flask app Qxf2 wrote to tinker with Inrupt's Solid

[edit] I guess it’s too general cause not using auth.