Python library to authenticate with client credentials

A_A · February 19, 2023, 3:42pm

I’ve implemented the client credentials authentication in a python library. It takes as input the client id + secret (from ESS or CSS, this is not standardized) and then handles the DPoP authentication. I did not try it out in an app yet, but authenticating with client credentials works so far for CSS and ESS.

Documentation: SolidClientCredentials
Source code: GitHub - Otto-AA/solid-client-credentials-py: Solid authentication with client credentials in python

And here’s an example usage (after doing pip install SolidClientCredentials):

from solid_client_credentials import SolidClientCredentialsAuth, DpopTokenProvider
import requests

client_id = 'your-id'
client_secret = 'your-secret'

# The server that provides your account (where you login)
issuer_url = 'https://login.inrupt.com'

# create a token provider
token_provider = DpopTokenProvider(
    issuer_url=issuer_url,
    client_id=client_id,
    client_secret=client_secret
)
# use the tokens with the requests library
auth = SolidClientCredentialsAuth(token_provider)

res = requests.get('https://example.org/private/stuff', auth=auth)
print(res.text)

Regarding the standardization: Obtaining client credentials is not standardized and it’s different with ESS and CSS. But I think it allows to authenticate as a webId on these servers which also allows users from other Solid servers to interact with such applications. Therefore, the standardization limitation is only about where you host your applications webId (ESS/CSS), not about which users can give access to your applications webId (every standard compliant user). If you have thoughts on this please share them, I still need to understand this better.

Timea · February 20, 2023, 9:10am

Very nice!
Regarding ‘where you host your applications webId’ is correct. You need to be able to register a client (and get a client id and client secret) from that IdP. However, don’t forget about the Solid-OIDC, client id as a document. In this case, which also gives the user more choices, does not require registration on IdP.

A_A · February 20, 2023, 10:57am

Hi, thanks for your comment!

(edited): solid-flask is a python demo that uses Solid-OIDC. It had an issue with ESS, but I’ve made a merge request to fix it which works for all providers (CSS, ESS, NSS).

When I have time I’ll try to extract the authentication functions to a reusable library. However, university started again today so I’m not sure yet how much time I will have.

A_A · February 20, 2023, 7:20pm

Well, turns out uni is a good procrastination motivation: solid-oidc-client · PyPI
It allows python apps to authenticate via Solid-OIDC, by redirecting users appropriately and using DPoP headers to authenticate requests. There’s still room for improvements (e.g. refreshing expired tokens), but I think it’s a good starting point.

Topic		Replies	Views
Requesting an Access token with clientAppId and clientAppSecret	11	1131	January 17, 2023
My Python Authentication Nightmare Continues Developer Experience	2	469	March 7, 2023
The use of DPoP in the /token endpoint Build a Solid App	9	1358	October 23, 2021
How to issue a token with Python client	0	753	December 12, 2018
Jupyter Notebook Access to Private area of POD	10	555	February 20, 2023

Python library to authenticate with client credentials

Related Topics