Requesting an Access token with clientAppId and clientAppSecret

Thank you so much for your reply, @ThisIsMissEm!

Now it’s clear to me that I should not use session.clientAuthentication to retrieve clientAppId and clientAppSecret after the user is logged in, but then my question is: how can I get that info from the user (id and secret) in the browser, or is it simply not possible?

On the other hand, I’ve been able to make the code below work in a separate node.js instance:

await session.login({
  oidcIssuer: SOLID_IDENTITY_PROVIDER,
  clientId: id,
  clientSecret: secret
});

The only problem is that it only works when I use the client Id and secret from the following screen (Inrupt’s server):

which means that I need to access https://login.inrupt.com/registration.html and manually register my app there. This is also a concern because it’s not an option for any SOLID server, only those which allow this feature, if I understand it correctly, and eventually it can grant the app access to resources of users who have info in an Inrupt Pod but not “solidcommunity.net”, for example, or my own public Community Solid Server instance.

In summary to briefly describe my goal and not complicate things, I’ll try to explain the objective of the topic and the way I thought it would be possible to achieve.

I have a SOLID web app and a user that logs in within the app using its SOLID issuer account. After a valid authentication it has some credentials (client ID, secret, token, whatever…) that can be sent to a middleware server in order to act on behalf of this user. The middleware server can use clientId and clientSecret for example to get a token and from there interact with the SOLID Pod.

Here you can also find a diagram and the related inspiration from the original Music Platform thread

Maybe there’s a better approach to the described problem. I can think of the existing thread: Third-party resource verifying a session token to find similar references.

So, if I’m not wrong, it should be possible to run an API call about a user’s piece of information in a node.js app, including clientId and clientSecret, like the one described at:

node dist/authenticatedScript.js --clientId <the client id> --clientSecret <the client secret> --oidcIssuer <the issuer that issued the token> --resource <the private resource you want to access>

Thanks in advance and sorry for the verbosity :stuck_out_tongue:
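
The middleware flow the post describes (discover the issuer's token endpoint, exchange the client ID and secret for a token, then read the resource), as an added example that is not part of the original post and not Inrupt's code. It assumes the issuer supports the OAuth 2.0 client credentials grant with HTTP Basic client authentication and accepts a plain bearer token; `buildTokenRequest`, `fetchPrivateResource` and the `fetchImpl` parameter are hypothetical names.

```javascript
// Added example. Runs server-side only: the client secret never reaches the browser.
function buildTokenRequest(tokenEndpoint, clientId, clientSecret) {
  const url = new URL(tokenEndpoint);
  if (url.protocol !== "https:") throw new Error("token endpoint must use https");
  // RFC 6749 section 2.3.1: encode id and secret before joining them for Basic auth,
  // otherwise a ":" inside the id would split the pair in the wrong place.
  const pair = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: {
        authorization: `Basic ${Buffer.from(pair).toString("base64")}`,
        "content-type": "application/x-www-form-urlencoded",
      },
      body: "grant_type=client_credentials",
    },
  };
}

// fetchImpl is injectable so the flow can be exercised without a live server (assumption).
async function fetchPrivateResource(opts, fetchImpl = fetch) {
  const { oidcIssuer, clientId, clientSecret, resource } = opts;
  const issuer = oidcIssuer.replace(/\/+$/, "");
  // 1. Discover the token endpoint from the issuer's OpenID configuration.
  const config = await (await fetchImpl(`${issuer}/.well-known/openid-configuration`)).json();
  if (String(config.issuer).replace(/\/+$/, "") !== issuer) {
    throw new Error("discovery document was issued by a different issuer");
  }
  // 2. Exchange id and secret for an access token; the secret goes to this endpoint only.
  const { url, init } = buildTokenRequest(config.token_endpoint, clientId, clientSecret);
  const tokenRes = await fetchImpl(url, init);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token: accessToken } = await tokenRes.json();
  // 3. Read the resource with the token; the Pod never sees the secret.
  const res = await fetchImpl(resource, { headers: { authorization: `Bearer ${accessToken}` } });
  return { status: res.status, body: await res.text() };
}
```

Servers that only issue DPoP-bound tokens need an extra proof header on steps 2 and 3, which this example does not cover.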