I have been trying to upload an image to my Solid POD. If I trace the data browser I can see it does an HTTP PUT of the image data (as expected) - but when I tried the same I got “401 - Unauthorized” even though the previous PUT of a turtle document went through all fine.
In code I used Chrome’s built-in fetch operation (see https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Uploading_a_file) without luck. So I tried the RDFLIB fetcher.webOperation() instead - and it worked. Why?
Looking at the network traffic, it turns out the RDFLIB fetcher sends both a session cookie and a authorization header (with an ID-token) with the PUT operation - whereas the built-in Chrome fetcher doesn’t send the authorization header, only the session cookie.
So I am curious - what is the right way to authorize requests with the Solid server? Apparently the cookies are not enough. Where in the specs can a find this documented? And where would you get that authorization header ID-token from?