Follow up migration of solid auth to DPoP about team HOT 35 CLOSED

You can proceed. I will not be available today.
Issue title : update to DPoP authentication. Legacy being deprecated
Greetings, I would prefer simply : From solid team

Simply remove:

• request ... This is too much authoritative
• for other languages .... We don't have anything to propose

from team.

Okay, no problem either way, you guys are doing a great job, thanks.

from team.

@bourgeoa - yes, for sure, if you have an RDF source for app information, I can make you a playground where you can experiment generating various different HTML outputs from it.

from team.

@ewingson The first post in this issue lists the manual tasks to be done :

• point 5. is the objective : a list of apps with an indication of status :
  • DPoP status --> yes/no/issue created/will not migrate/...
  • status date
• actions :

1. create a model of issue the can be pasted in each github/gitlab repo
2. at the same time prepare a mardown table of apps : with 3 columns

| name/url | DPoP status | date |

3. then when the issue model is OK. create the issues

This is not a very high level work but useful.
@ewingson Are you part of it ? We can continue to discuss in private.

from team.

Table to post on https://solidproject.solidcommunity.net/Team/dpop-migration/applist.md when access authorized.

from team.

Project of issue to paste in each app repo

issue title : migrate legacy auth to DPoP
issue content :

• purpose and motivation
• examples and useful links

from team.

@ewingson Yes please do. Just give me the link and read/write access so that I can also come to help. My webId https://bourgeoa.solidcommunity.net/profile/card#me

from team.

a) yes for CSS, for NSS you may not know easily
b) we are waiting for to @theRealImy
c) we can discuss it if you doubt.

from team.

https://testpro.solidweb.org/public/team/dpop.md can you give me write access.

from team.

Usually the repo has a link to a live accès. So I would not generalize now.

from team.

I'd replace the lines from "The new library can be found... to the next blank line with this:

Javascript libraries using the new authentication methods include Inrupt's solid-client-authn-browser for the browser and solid-client-authn-node and solid-node-client for nodejs. To obtain a token for nodejs app login, you will also need Inrupt's generate-oidc-token.

See also authentication libraries for other languages.

from team.

Also for future reference - please never link to the archived versions of Solid-Node-Client or Solid Rest in my repo. Link instead to the live versions in the solid repo.

from team.

@ewingson I opened https://solidproject.solidcommunity.net/Team/dpop-migration/ with Read/Write to The team group, me and you
We shall continue there please.
You can log in with https://ewingson.solidcommunity.net/profile/card#me

There are 2 files :

• dpop-status for list of apps (with a copy of the original from testpro
• issue-proposal for a proposed text issue to the non DPoP apps (from your proposal and jeff's comments

from team.

@ewingson ok good job. Changes approved. You can also remove everything after end
If there are no more comments. We can raise the issues in the app repos.

Please update the app-status so we can follow the job advancement. Thanks 👍

from team.

@bourgeoa

issue text updated.
we have 32 apps of which 21 need to be addressed. shall we wait for @timbl / @theRealImy to approve (don't know though how to request review, this is an issue and not a PR, but when they're tagged, they will notice) or shall we proceed creating the issues ?

one more thing comes to my mind, what will the headline be ?

Request for updating your app to DPoP auth from the Solid Team ? does that sound good ?

and maybe a greeting formula ? Kind regards from the Solid Team ?

from team.

Just out of curiosity - why did I get an issue on Solid File Cient? Is it because the documentation is not updated? The library works completely fine with the new auth and is, in fact, agnostic about the auth library.

from team.

@jeff-zucker it relates to the demo https://jeff-zucker.github.io/solid-file-client/docs/examples/

from team.

I can only agree with @jeff-zucker anf it looks good to me!

from team.

@ewingson to have a follow-up we need to track the issue posted to the source app repo.
We may put something like issue#issueNumber in the comment in app-status row of the app.
What do you think ? If you have a better idea ?

May be it is not needed if you posted to all apps. We may just replace no by issue or issue raised. That is simpler.
We may have more apps. I have to look around.

from team.

@bourgeoa

so a first step would be to synchronize https://bourgeoa.solidcommunity.net/public/todo/solid%20auth%20migration.html and https://solidproject.org/developers/tools/ ?

I just took the codebase and put it online on https://solidweb.me and https://solidweb.org and am not actively developing (as you all know).

I for sure 'd be glad to help, but a small action item would be helpful.
I have been just taking orders doing my job and have psychological experience which makes it hard to think in technical aims (seeing a target) for me.

what can I do ? how can I help ? how do we grow as a group and a community ?

is it correct NSS and CSS both support DPoP atm ?

I will update solidweb.me as soon as the 3.0 is out and know for sure penny is working with CSS.

from team.

@bourgeoa

I'm perfectly well with speaking here.
yeah I'm part of it.
so to check are all apps in the Links of 1.
a) can we assume DPoP is working when able to log in with CSS ? are there cases DPoP on NSS is working and CSS not ?

b) https://solidproject.solidcommunity.net/Team/dpop-migration/applist.md gives a 401/403 when logging in with my solidweb account.

c) to summarize: how do I decide if DPoP status is yes or no ?
-- I'll help to create the table in a first step and THEN / in a second step we would create the issues ?

did I understand ?

from team.

p.s.: I as well could create the table either on my private pod or in my github repo and when done copy it over, case I get access... just an idea...

from team.

@bourgeoa

and CSS login works means status yes.
what if NSS works, CSS not ? then would be a no ?

I've created an md-file, have to check the syntax https://testpro.solidweb.org/public/team/dpop.md (is public)

from team.

would I modify the acl manually for that ?
with which of your accounts ?

from team.

@bourgeoa I've given you owner rights per drag and drop for your solidcommunity.net account

from team.

@bourgeoa

we could insert another column, so that we have two links for each app, one for the live-access and one for the github repo:

| name/URL | github repo | DPoP auth | date |
| | | | |
| [solid-ide](https://jeff-zucker.github.io/solid-ide/) |  https://github.com/jeff-zucker/solid-ide | no? | 2022-01-15 |

What do you think ?

from team.

good teamwork, @bourgeoa !

I've set all the links in https://testpro.solidweb.org/public/team/dpop.md to the respective github repos, except for penny, that's on gitlab.
am slowly gathering more stuff, piece by piece.

from team.

@bourgeoa @theRealImy @timbl @jeff-zucker

our list (link above) is not yet fully populated, but I think I've covered a good start.
Although it's not my mother tongue I've created a small issue text (far from perfect, if any native speaker wants to take that part ?). I'll paste it below.

We on Solid recently had an update from legacy auth to the use of a DPoP Token.
We noticed that your app (URL to repo) still is using the old auth.
We'd like to encourage you to switch to the new auth using the Demonstrating Proof of Posession technology.
Our motivation for the update was using the standard OIDC-way.
The new library can be found at https://github.com/inrupt/solid-client-authn-js
An example of an app using the DPoP mechanism can be found here https://github.com/0dataapp/hello/tree/main/solid
On https://github.com/jeff-zucker/solid-node-client you'll find informations about getting a cookie.

Just let us know if we can assist you on switching your app at (link to gitter room/(which one?)/forum)
*
What do you think ?

from team.

@bourgeoa I've proposed two little changes...
marked with ori ... new ... end but the readability is not good therefor.
do you agree to the changes ?
[edit] now we've covered https://solidproject.org/developers/tools/ , the showcase of https://solidproject.org/apps and some of @madnificent 's list, which is an extraction of 2. . maybe we ask @timbl and @theRealImy if the issue text is okay ?

from team.

@bourgeoa okay as perfectionist (I wanna do it right) "From the Solid Team" or "from solid team" or "From solid team" (uppercase/lowercase, "the") ? [edit] I'll proceed with "From solid team" as we are kinda unofficial

from team.

21 issues created. an example on github is jaxoncreed/o-edit#13 and on gitlab is https://gitlab.com/vincenttunru/notepod/-/issues/7 . still not 100% convinced cause I've naturally copy/pasted them from the proposal and there are newlines between the sentences. but now they're out. can be closed.

from team.

then please excuse me, I thought I tested it with CSS. maybe was the mistake, that I wasn't aware that it's agnostic. I'll update the status immediately.

from team.

yeah sounds good. will be the first I do in the morning.

from team.

I have left the issue numbers of the addressed apps in the comments.

from team.

I have updated the App list to include all Apps we found in different lists: see apps status v2.0.md
I also added 2 new columns which help us in preparing to move to CSS.

from team.