Requesting an Access token with clientAppId and clientAppSecret

Thanks @Vincent and @ThisIsMissEm for your input :slight_smile:

I’ll try to recap and propose a different approach based on the architecture that was mentioned in the Music Platform thread, which means the web app needs a centralized/common server where it can grab all the info about people registered sharing resources. With a decentralized network as SOLID aims, it is required to find solutions, as far as I’ve learnt, so services like YouTube, Spotify, etc can be built, otherwise there’s no way for the users to exchange assets among them without previously knowing each other, correct me if I’m wrong, please.

OPTION 1
The following animation describes the process of authentication with a SOLID server and shows how the web app is relying on a third party custom service to perform actions on behalf of the authenticated user. The Common Server can track all interactions made by the users because it’s responsible for them.

option-1

OPTION 2

On the other hand, as an alternative (see animation below), the web app is talking directly to the SOLID server and notifying the Common Server about the interactions afterwards. The only issue or concern I see in this approach is how the Common Server can verify, when it's notified by the client, that the action was actually made by it? (Steps 7 and 8 of the animation).

option-2

In summary, to make possible Option 1:

  1. “need to do two authentication flows, one for the client, and one for the server-side” @ThisIsMissEm

How can I do authentication of a specific user in the server after the user is authenticated in the browser? I'm not sure if it refers to creating a request for the client so it passes {issuer, user and password (encrypted)} and then handling login in the server. Or maybe something like this, @ThisIsMissEm? => Authenticate (Node.js Web Server)
Is it what you mentioned with your comment “You can indeed do completely server-rendered apps”?

  2. “server component have its own WebID and to grant that WebID access to specific parts of the pod, such that the server acts as its own agent & not on behalf of the user” @ThisIsMissEm

I’m not aware of this possibility, sorry. I’d need to dig into it a bit more.

  3. “to only do auth on the server, and have the server mediate all Pod interactions” @Vincent

How can you do auth only in the server, @Vincent, and still track clients' interactions in a trusty way?