New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add note for WebID authenticated fetch #1709
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit 1adc390:
|
src/profile/webid.ts
Outdated
@@ -76,7 +76,9 @@ export function getAltProfileUrlAllFrom( | |||
* A WebID Profile may be any RDF resource on the Web, it doesn't have | |||
* to be a Solid resource. That is why, in order to expose a Solid-enabled part | |||
* of their profile, some WebID profiles link to a Profile Resource, which may | |||
* be a Solid resource. | |||
* be a Solid resource. A WebID resource should be public, so `getProfileAll` will |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So ... since we state "to expose a Solid-enabled part ..." above, should "a Profile Resource, which may be a Solid resource" be just "a Profile Resource, which is ..."? Or even "an Extended Profile, which is a Solid Resource"?
And, with "WebID resource should be public" -- is it a should be or is it a must? If a must, I'd just say "A WebID profile is publicly readable"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh ... also, in case your "should be public" stands -- such that, some people make their profiles not publicly readable (mistakenly or not), just wondering, for the WebID profile part of getProfileAll, do we first do an unauthed fetch, and then, if that fails, we do an authe'd fetch?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Do we first do a...", yes, that's the implementation: https://github.com/inrupt/solid-client-js/pull/1709/files#diff-df051b184aa88ad98045d31b7def5698e9b5c75b17fd85b15bc8a8790cf82798R122
keep in mind this isn't strictly specified by a spec yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm - left some comments.
Why don't we just add a "getWebId" method? |
We can also add a |
@NSeydoux hmm, okay, yeah, agreed. |
src/profile/webid.ts
Outdated
@@ -76,7 +76,9 @@ export function getAltProfileUrlAllFrom( | |||
* A WebID Profile may be any RDF resource on the Web, it doesn't have | |||
* to be a Solid resource. That is why, in order to expose a Solid-enabled part | |||
* of their profile, some WebID profiles link to a Profile Resource, which may | |||
* be a Solid resource. | |||
* be a Solid resource. A WebID resource should be public, so `getProfileAll` will |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Do we first do a...", yes, that's the implementation: https://github.com/inrupt/solid-client-js/pull/1709/files#diff-df051b184aa88ad98045d31b7def5698e9b5c75b17fd85b15bc8a8790cf82798R122
keep in mind this isn't strictly specified by a spec yet.
src/profile/webid.ts
Outdated
@@ -76,7 +76,9 @@ export function getAltProfileUrlAllFrom( | |||
* A WebID Profile may be any RDF resource on the Web, it doesn't have | |||
* to be a Solid resource. That is why, in order to expose a Solid-enabled part | |||
* of their profile, some WebID profiles link to a Profile Resource, which may | |||
* be a Solid resource. | |||
* be a Solid resource. A WebID resource should be public, so `getProfileAll` will |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* be a Solid resource. A WebID resource should be public, so `getProfileAll` will | |
* be a Solid resource. A WebID resource MUST be public, so `getProfileAll` will |
I think this is what the spec says, but I might be wrong
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Spec doesn't say "MUST" nor "should", in fact, it no longer says anything about WebID's other than they're resources — i.e., it reintroduced as of September 10th the ability for WebID's to require authentication to read, by way of omitting to specify that they must be publicly readable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Arguably, https://www.w3.org/2005/Incubator/webid/spec/identity/ can be interpreted to mandate the WebID to be public (that's the worst sentence to say about a specification), so unless the Solid-WebID spec adds additional constraints, it sounds like a fair assumption that WebID profiles are public documents.
Relates to #1761 |
Let's merge after #1765 is merged and the new environments roll out, that'll fix the CI issues here. |
c052001
to
2628ce5
Compare
WebID must be public resources, and may not be Solid resources. As a result, by default they should be fetched unauthenticated. This commit simply adds a note describing this already implemented behaviour.
2628ce5
to
6bd69f0
Compare
* Add note for WebID authenticated fetch WebID must be public resources, and may not be Solid resources. As a result, by default they should be fetched unauthenticated. This commit simply adds a note describing this already implemented behaviour. * Mention Extended Profiles
WebID must be public resources, and may not be Solid resources. As a result, by default they should be fetched unauthenticated. This commit simply adds a note describing this already implemented behavior.