Solid Interface development

Hi everyone,
I am a student and I’m trying to implement a communication interface for Solid. I recently started Solid and I’m doing a “Preparation for Solid”. I will try to describe my environment now and then start to post some questions (which I will try to propose even during next Solid Online events).

Description:
The purpose is to activate a pod and dial us to perform all available operations. At the moment I am looking for (re-) implement the API calls of the Inrupt library on a back-end nodejs, and serve them through Express.js based on the type and content of the HTTP Request received (which I will pre-configure).
E.g. I will receive a HTTP request at localhost:port
{type: “GET”; operation:getContainer; resource:sample.txt, ecc ecc ecc}
This is a synthesis of my work.

Questions:

  1. An external user who must log in to access a resource with restrictions what needs? Should he also have an account on a pod provider or can use a simple username:password pair (present in the ACL of the pod)?
    I wonder this because every time I try the login I am always postponed to the page of the provider for Inrupt, instead of a simple login form for User and Password.

  2. Is it possible to conclude the login by sending only the necessary parameters and without switching to the graphical interface?
    I noticed the guide that the command below concludes the login and I wonder if I can comment on the redirect to the provider to send a login request directly with this command.

    // complete the login using query parameters in req.url
    await session.handleIncomingRedirect(`http://localhost:${port}${req.url}`);

  3. I noticed that Solid connects to many concepts like RDF, Turtle, JSON-LD, Vocabulary, etc. but I really didn’t understand how these should be used in the context of Solid.

  4. Do you think it is possible to dialogue with a Solid Pod using only well-defined HTTP requests and containing all the fields needed to create-start-conclude a Solid operation?
    In particular, it may be possible to manage the request to be sent using a JSON file containing all the information to request the Solid and attach this file.json to the HTTP request?

  5. I would like to study better how to shape HTTP requests to do to Solid and understand what to send to the request. Where can I find this information?

Best regards
Vincenzo
See you soon

Hi Vincenzo,

Could you clarify the intended purpose of implementing a “communication interface for Solid”?

A solid pod already receives http requests - why do you want to provide an additional http interface in front of that?

Until now the idea I made of Solid is this: we can communicate with Solid through the APIs or using manual HTTP requests.

So start with implementing API from the library on a backend node.js server, but I realize that I would like to add “logic” to these functions.
E.g. Verify that a URI is a container or file before going to call the specific function to obtain them.
This could be made possible simply by creating a new function with this “logic” + the call to the API functions.

Then I’d like to activate an interface that through HTTP requests works with the POD with the API + MyLogic (such as a “new api”).

Is it too bizarre an idea? What do you think?

After that, the introduction of the post I inserted a series of reflections and questions that I would like to understand better.

Interaction with Solid pods happens through the Solid REST API using common verbs like GET, HEAD, PUT, POST, PATCH, DELETE.

A script call using GET returns exactly what clicking on a link returns - the contents of the page. GET is more powerful because you can specify what format you want the content in, but it does exactly the same thing as a browser does when visiting a page.

To read something you need GET. To find out if something is a file or container, you need HEAD. Your app would need to implement those. Putting them behind a local HTTP server only adds another layer of complication, you’d still need to send GET and a HEAD just as you would from a plain nodejs non-http script or from a browser-based script.
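
The HEAD check described above, as an added example (not code from this thread or from the Inrupt libraries). It assumes the server marks containers with a `Link` header of `rel="type"` pointing at `ldp:Container` or `ldp:BasicContainer`, as the Solid Protocol specifies; the function names are hypothetical and the sample headers are constructed.

```javascript
// Added example; function names are hypothetical, sample headers are constructed.
const LDP = 'http://www.w3.org/ns/ldp#';

// Constructed Link header values, shaped like what a Solid server returns.
const SAMPLE_CONTAINER =
  '<.acl>; rel="acl", <' + LDP + 'Container>; rel="type", <' + LDP + 'BasicContainer>; rel="type"';
const SAMPLE_FILE = '<sample.txt.acl>; rel="acl", <' + LDP + 'Resource>; rel="type"';

// Parse a Link header into [{ target, rels }]. A rel value may be quoted or
// bare and may hold several space-separated relation types.
function parseLinkHeader(value) {
  const links = [];
  for (const m of String(value || '').matchAll(/<([^>]*)>([^<]*)/g)) {
    const rel = /;\s*rel\s*=\s*(?:"([^"]*)"|([^;,\s]+))/i.exec(m[2]);
    const rels = rel ? (rel[1] ?? rel[2]).toLowerCase().split(/\s+/).filter(Boolean) : [];
    links.push({ target: m[1], rels });
  }
  return links;
}

// Classify a HEAD response from its status code and Link header only.
// 401/403 are reported separately so "no access" is never read as "no such resource".
function classifyHead(status, getHeader) {
  if (status === 401 || status === 403) return 'forbidden';
  if (status === 404) return 'missing';
  if (status < 200 || status >= 300) return 'error';
  const types = parseLinkHeader(getHeader('link'))
    .filter((l) => l.rels.includes('type'))
    .map((l) => l.target);
  const isContainer = types.includes(LDP + 'Container') || types.includes(LDP + 'BasicContainer');
  return isContainer ? 'container' : 'resource';
}

// Send the HEAD request. Pass an authenticated fetch (for example the fetch
// of a logged-in session) for restricted resources; defaults to global fetch.
async function classifyResource(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, { method: 'HEAD' });
  return classifyHead(res.status, (name) => res.headers.get(name));
}
```

Deciding from the server-asserted type rather than from the shape of the URL keeps the "container or file" logic in one place and makes an access failure visible as its own outcome.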

What about my previous questions?

  1. An external user who must log in to access a resource with restrictions what needs? Should he also have an account on a pod provider or can use a simple username:password pair (present in the ACL of the pod)?
    I wonder this because every time I try the login I am always postponed to the page of the provider for Inrupt, instead of a simple login form for User and Password.

  2. Is it possible to conclude the login by sending only the necessary parameters and without switching to the graphical interface?
    I noticed the guide that the command below concludes the login and I wonder if I can comment on the redirect to the provider to send a login request directly with this command.

    // complete the login using query parameters in req.url
    await session.handleIncomingRedirect(`http://localhost:${port}${req.url}`);

  3. I noticed that Solid connects to many concepts like RDF, Turtle, JSON-LD, Vocabulary, etc. but I really didn’t understand how these should be used in the context of Solid.

  4. Do you think it is possible to dialogue with a Solid Pod using only well-defined HTTP requests and containing all the fields needed to create-start-conclude a Solid operation?
    In particular, it may be possible to manage the request to be sent using a JSON file containing all the information to request the Solid and attach this file.json to the HTTP request?

  5. I would like to study better how to shape HTTP requests to do to Solid and understand what to send to the request. Where can I find this information?

  1. You must register an account on a solid server like solidcommunity.net or inrupt.net or solidweb.org. When you register you create a username and password and get assigned a webId. Later when you want to visit any Solid site, you login where you registered by providing your username and password. Once you login, an .acl file on any Solid server can recognize you by that webId and grant or deny you access based on it. The easiest way to do this is to use Inrupt’s solid-client libraries.

  2. You can login outside a browser using Inrupt’s solid-client-authn-node or the solid-node-client library. The solid-node-client library lets you login completely outside the browser but only on solidcommunity.net and other NSS servers. For all others you need a graphical login step to obtain a token.

  3. That’s a very broad topic. You might start by getting a pod on solidcommunity.net and use its built in browser to look at your profile document which is in RDF. You can see from it the kind of information it stores about you. Apps can read your profile and follow its logic.

4 & 5 As I said in my last message, adding a localhost HTTP server is adding an additional layer of complexity and unless you have a specific need for it, I do not recommend that as a way to learn about Solid.

  1. So to access a solid, as an external user, I have to have a webid obtained by registering on a solid server. Right?
    It looks like a little restrictive because I have to register on a service before. I can understand the registration obligation on a social media to be able to get in touch with other users, but what is the sense about registration on a solid server, and get a webid, to log in?

1.a
“…Later when you want to visit any Solid site, you login where you registered by providing your username and password…”
with the word “any” mean that I can get a webid from inrupt and use it even (to login) on solidcommunity server?
Also, the login function (with Inrupt) asks me to enter the Solid Identity Provider, so I imagine that I must insert the link to my provider to log in, right? Because from your reply it seems that the redirect on the right provider occurs automatically, while the login specifications on Inrupt tell me that I need the “oidcIssuer” parameter.

  2. You said “Solid-Node-Client completes the login without browser”, while Solid-Client-Authn-Node, how does it act on the login without going from the browser?

  3. Could you recommend guides? I tried to read all those available on Solid and Inrupt, but I’m still a little confused. Maybe you know some better ones.

Regarding your answer to points 4 and 5, I understood what you intend. I would like to explain to you “the why” of my reasoning.
Suppose I have a nodejs that exposes a website. This site must be able to access and find data from the Solid, so I will need to enter API calls in JavaScript, right?
My idea was to add another nodejs that implements these calls and allows me to activate them through use of HTTP requests. In this way I get 3 things: 1) Instead of performing calls to the Solid from the .js for my website, move the execution of the API calls on the nodejs I added; 2) the only way to perform login without browser seems to be by using nodejs, and considering the 1st statement, this should be possible now; 3) In this perspective my website will be able to activate the Solid APIs, but through HTTP requests at my nodejs #2.
What do you think? Should those 3 “new” perspectives add advantages?

Thanks for the replies.

Vincenzo

with the word “any” mean that I can get a webid from inrupt and use it even (to login) on solidcommunity server?

1.a Almost, but not quite. Some servers combine providing identity and pods. If you get a webId from Identity_provider_A, you need to login to that identity provider unless you have oidc:issuer set. However once you have logged in, your login will be recognized on any Solid pod provider. So when you go to a pod and it checks to see if you are authorized to read or write, So if you go to a pod on Inrupt.com and login using solidcommunity.net as your Identity Provider, solidcommunity will authenticate you and then Inrupt.com will use that authentication to see if you can read or write there.

  2. NSS (Node Solid Server) accepts a command-line exchange of username and password for a token whereas all the other servers make you get a token in the graphics browser and then use that token in a command-line script. It is unclear whether NSS will continue to support this feature. You can use it for testing, but I would not recommend it in any sort of production because it will fail on all other servers.

  3. I suggest looking at the documentation on https://solidproject.org/ and https://docs.inrupt.com/.

4&5. I still don’t understand what adding a localhost proxy will do other than complicate things. If you want a node client, just do it in node. If you want an app, use the Inrupt libraries to create a javascript file your browser can read. A Solid Server is a web server. Why do you want your localhost webserver as an intermediary between you and it? Why not just go directly to the Solid server?

I am obliged (design) to avoid login via-GUI, so I have to work at best with point 2.
I need to learn more about. Do you know some specific link? (different from the previous. Now I have read all that documentation :) but I’m still in trouble)

I have understood about 4&5, I’ll keep you updated, thank you for your tips.

You can login to any server outside a GUI. But you have to first use a GUI to get a token. You can get a token once in the GUI and then use it repeatedly outside a GUI.

If you must login with no GUI, even for the token, then your only choice is to use GitHub - solid/solid-node-client: a nodejs client for Solid. It has fairly extensive documentation.

Thanks Jeff! I had already read this article, but reading him I managed again.
However I have a doubt again. The use of the command line tool @Inrupt/Generate-Oidc-token makes me cross different steps that I would like to understand better, especially asks me:

  • Has Your App Been Pre-Registered by The Administrator Of The Pod Server You Are Signing In To? Answer: no.
  • What Is the Name of the Application You Are Registering? Answer: Admin

The first question asks me if the app has already been pre-registered by the administrator, and in my case it is not so.

The second question asks me the name of the app, but which app refers to? The admin or the external app that wants to access the ADMIN pod?

To conclude, should the login be carried out with the webid of the external app, or again with those of the administrator? Which credentials should I login?

Those questions have to do with the identity of the app, not of you, the user of the app. Eventually there will be a system in which an app needs to be registered but for now I don’t think those matter, just put in anything. @zwifi might have a better answer.

Have a look at this thread too:

Forgive me but I couldn’t better understand the flow of that tool.

Help me to reason up.

I have a “podadmin” pod, whose administrator is user0. I want to get access to User1 and User2.
Then log a WebID on a provider for each of the user.
Then I’m going to use the tool @Inrupt/Generate-Oidc-token to get my credentials.
So far everything is ok, but the steps in the tool I didn’t understand how to move.

  • Has Your App Been Pre-Registered by The Administrator Of The Pod Server You Are Signing In To?
    Answer: no.
  • What Is the Name of the Application You Are Registering?
    Answer: Web-App
  • “Who” should use that tool? As the Admin or as the app I’m requiring the token

I think you’re conflating apps and Pods. Pods store data, but to actually read and write that data, people use apps. But those apps can only do that if those people allow the app to act on their behalf.

For example, I can have a Pod at pod.inrupt.com, and use the app Media Kraken. I tell Media Kraken where my Pod is, then Media Kraken sends me to my Pod so I can give it permission to act on my behalf.

If your app doesn’t live in a browser (e.g. a Node.js app), then it can’t just redirect people to their Pod. Thus, it will have to manually tell people to open the URL at which they can give that app permissions to act on their behalf. Your app can do that using whatever UI it has, but if you haven’t created such a UI yet and you’re testing it locally, you can use generate-oidc-token.

As a separate question, people can also allow other people to access their data. For example, user1 can use an app like podbrowser.inrupt.com to give user0 permission to view or even modify (part of) their data. After they’ve done so, user0 can use an app of their choosing to view and/or modify user1’s data.

I try to propose a more concrete example.

The scenario is this:

  • I have a pod like User0
  • I decide to set certain accesses for apps that are app1 and app2
  • I create accounts on Inrupt for these two apps by calling User1 and User 2 respectively, and I get the respective webids.
  • Now, I want to use the Generate-Oidc-token tool to get the tokens, and the respective entries, to log in User1 and User2 (and then app1 and app2).

Since the tool brings me back to 2 questions that I didn’t understand correctly, how can I activate what was written above? By admin (user0)!

[The questions that confuse me are:
Has Your App Been Pre-Registered by The Administrator Of The Pod Server You Are Signing In To?
Answer could be Yes or No

What Is the Name of the Application You Are Registering?
Answer will be a name like “Something”
]

And then the tool asks me to login. Considering the scenario described, do I have to login ALWAYS as user0 (admin of the Pod I have to use) or as user1 and user2?

Now you’re conflating apps and users. Apps don’t have accounts, and it is currently not possible to set certain access for apps (although there are proposals for that, but they’re not widely supported yet - look up Access Control Policies).

Sorry for insistence, but I’m looking for a fairly concrete scenery.

Could you avoid misleading answers and maybe help me about what has been said in the last post?

I need help on using that tool, because I haven’t understood how to use it and consequently I cannot login within my Inrupt.

I’m trying to take a step at a time. Before going to understand if I clearly the concept of app and user for accesses, I need to understand this tool.

I re-attach the previous scenario:

  • I have a pod like User0
  • I decide to set certain accesses for apps that are app1 and app2
  • I create accounts on Inrupt for these two apps by calling User1 and User 2 respectively, and I get the respective webids.
  • Now, I want to use the Generate-Oidc-token tool to get the tokens, and the respective entries, to log in User1 and User2 (and then app1 and app2).

Since the tool brings me back to 2 questions that I didn’t understand correctly, how can I activate what was written above? By admin (user0)!

[The questions that confuse me are:
Has Your App Been Pre-Registered by The Administrator Of The Pod Server You Are Signing In To?
Answer could be Yes or No

What Is the Name of the Application You Are Registering?
Answer will be a name like “Something”
]

And then the tool asks me to login. Considering the scenario described, do I have to login ALWAYS as user0 (admin of the Pod I have to use) or as user1 and user2?

Can I use Inrupt libraries with GitHub - solid/solid-node-client: a nodejs client for Solid ?

The Inrupt solid-client-authn library is included as a dependency in solid-node-client. Solid-node-client automatically uses it if you login with a token. If you login with username/password, solid-node-client instead uses solid-auth-fetcher because it is the only library that handles username/password.