Python library to authenticate with client credentials

I’ve implemented the client credentials authentication in a python library. It takes as input the client id + secret (from ESS or CSS, this is not standardized) and then handles the DPoP authentication. I did not try it out in an app yet, but authenticating with client credentials works so far for CSS and ESS.

Documentation: SolidClientCredentials
Source code: GitHub - Otto-AA/solid-client-credentials-py: Solid authentication with client credentials in python

And here’s an example usage (after doing pip install SolidClientCredentials):

from solid_client_credentials import SolidClientCredentialsAuth, DpopTokenProvider
import requests

client_id = 'your-id'
client_secret = 'your-secret'

# The server that provides your account (where you login)
issuer_url = ''

# create a token provider
token_provider = DpopTokenProvider(
# use the tokens with the requests library
auth = SolidClientCredentialsAuth(token_provider)

res = requests.get('', auth=auth)

Regarding the standardization: Obtaining client credentials is not standardized and it’s different with ESS and CSS. But I think it allows to authenticate as a webId on these servers which also allows users from other Solid servers to interact with such applications. Therefore, the standardization limitation is only about where you host your applications webId (ESS/CSS), not about which users can give access to your applications webId (every standard compliant user). If you have thoughts on this please share them, I still need to understand this better.


Very nice!
Regarding ‘where you host your applications webId’ is correct. You need to be able to register a client (and get a client id and client secret) from that IdP. However, don’t forget about the Solid-OIDC, client id as a document. In this case, which also gives the user more choices, does not require registration on IdP.

Hi, thanks for your comment!

(edited): solid-flask is a python demo that uses Solid-OIDC. It had an issue with ESS, but I’ve made a merge request to fix it which works for all providers (CSS, ESS, NSS).

When I have time I’ll try to extract the authentication functions to a reusable library. However, university started again today so I’m not sure yet how much time I will have.

Well, turns out uni is a good procrastination motivation: solid-oidc-client · PyPI
It allows python apps to authenticate via Solid-OIDC, by redirecting users appropriately and using DPoP headers to authenticate requests. There’s still room for improvements (e.g. refreshing expired tokens), but I think it’s a good starting point.