I’m developing a Solid application using the @inrupt/solid-client-authn-browser library and attempting to authenticate with my own Solid OIDC server instance hosted at:
You asked a lot here so I will try and keep it short. The library you used is meant to work with Inrupt servers. They do some things differently than the CSS approach. I think in your login request you must request the ‘webid’ scope in order to receive the webid claim. That is probably why session.info.webId is undefined.
@gaz009 I don’t think that that is true - I have successfully used it to log in to non-Inrupt servers.
@jacobdaniel You have confirmed that the server works because you can use other apps with it, but it might be worth confirming the other side as well: does your app work with different servers? For example, can you log in to https://solidcommunity.net with it?
I would at first try it without a client ID, to ensure it’s not broken because the client ID is invalid.
I also see you’re passing the arguments clientSecret and scopes, which I don’t see listed in the docs. If you’re using generative AI to guide you, maybe best not to trust its suggestions, unless you verify it yourself in the docs. There also shouldn’t be a need to manually POST to anywhere - if you are using an AI, it sounds like it’s trying to mimic non-Solid login flows.
Also make sure that the redirect URL you’re pointing at (above, http://localhost:3003/callback) is the page where you’re calling handleIncomingRedirect.
If that’s not enough to get you there, it might be worth working through the docs I linked through above, see if you can at least get that to work?
I think Vincent’s suggestions make a lot of sense. The library does work on other Solid server implementations, not just Inrupt’s.
Using it shouldn’t be complicated at all. In fact, the simplest way is to only pass three arguments to the login() function, as shown here in the document:
await login({
oidcIssuer: "https://login.inrupt.com",
redirectUrl: new URL("/callback", window.location.href).toString(),
clientName: "My application"
});
You passed many more arguments, and most of them I have never seen. I understand they may be needed eventually for the OIDC flow, but unnecessary (and potentially won’t work, as Vincent pointed out) for using this library as it will handle those things behind the scene.
Also, don’t forget to call handleIncomingRedict() in a sensible place. It’s not physically after the login() call, but logically after the login() call. This is because how OIDC and webpages works – it firsts redirects you to the OIDC issuer’s site, and redirect to your original app (webpage); but this second time you open your webpage, it starts from the beginning, rather than “resuming” from where you called login().
Thanks all, and apologies for the messy post, I am picking up from my attempts at creating Solid App a few weeks ago, and indeed carelessly copied error debugging from AI assistance.
The docs for authenticating a user on a solid app with a community solid server do seem straight forward.
But I am still getting 400 bad request. The payload shows “redirect_uris”: [null]
It’s really hard to analyse that since there are some syntax errors in there, but it looks like your callback URL /callback doesn’t actually exist. As I understand it, you’re all just running it on the same page, / (aka https://solidpod.jacobdaniel.co.uk). So maybe instead of callbackUrl you just want to pass in window.location.href, i.e. since the page that has the call to login also has the handleIncomingRedirect, you just want to pass in the current page’s URL?
OK, if I’m following correctly, that’s what your Solid server returns before you’re sent back to /callback - and it seems to say that you’re passing an invalid redirect URL.
Could you add a log just before your call to login, showing the value that you’re passing to its redirectUrl parameter?
Yes. I understand that the redirectUrl needs to be a proper, fully qualified string, so I have tested using both hardcoded string and dynamic URL object, both logs just before login() is called appear as clickable links:
callback url: http://localhost:3002/callback
solid server url: https://gardenmap.jacobdaniel.co.uk/
Before redirect handling: http://localhost:3002/callback?code=hvu02XVxCdzv3_q4hY7V285PTn1hQnt6Quoxfox6H7D&state=5bf56dff4d06464290efa79b910a6e68&iss=https%3A%2F%2Fgardenmap.jacobdaniel.co.uk%2F
page.jsx:19
After redirect handling: http://localhost:3002/callback
This suggests I am providing the redirectUrl value correctly and makes me wonder why I get response error?
I have tried setting the oidcIssuer to https://solidcommunity.net server and get the same error.
We’ll need the full URL to be able to say anything meaningful though - I want to know which step in the authentication flow it is, and what is being communicated between the app and the Pod
When I log in using both https://solidcommunity.net and my own server https://gardenmap.jacobdaniel.co.uk, I see a successful response to the /.oidc/reg request with status 201 Created. Here’s the payload being sent:
So registration doesn’t appear to be the issue. However, after I approve the login on the CSS (Pivot) interface, I’m redirected to /callback and that’s where I see the InvalidClientMetadata error in the page response.
I previously posted the URL before and after calling handleIncomingRedirect():
This happens with both servers.
I thought the issue could be related to my use of http://localhost for the app, given that my CSS is on https, but I get the same response on my own https hosted solidpod domain.
That’s weird, it’s making a bunch of requests that I don’t see in my app, including the one to /reg that errors out. You don’t happen to have the full source code you’re using posted somewhere, by any chance? Nothing jumps out to me as the obvious cause, unfortunately.
Well, I checked out your code and played around a bit, and then I noticed that you’re using an older version of @inrupt/solid-client-authn-browser. Upgrading that to the latest one allowed me to log in successfully. So you’re probably hitting a bug that was since fixed in that library.
(Also, apparently it had a whole slew of releases that I wasn’t aware of, so my knowledge of it is probably outdated anyway )
Oh dear… that’s slightly annoying - I had run pnpm update but didn’t realise it wouldn’t upgrade to a newer major version without explicitly specifying it. I see pnpm update <package> is more reliable.