feat: Support acl authorization for IDP components
Configuration has been updated so the IDP requests also pass through an Authorization component. A new config option was added to choose which authorization scheme to use for the IDP.
Showing
44 changed files
with
401 additions
and
75 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"@graph": [ | ||
{ | ||
"comment": "Makes sure the IDP container has the necessary root resources.", | ||
"@id": "urn:solid-server:default:IdpContainerInitializer", | ||
"@type": "ConditionalHandler", | ||
"storageKey": "idpContainerInitialized", | ||
"storageValue": true, | ||
"storage": { "@id": "urn:solid-server:default:SetupStorage" }, | ||
"source": { | ||
"@type": "ContainerInitializer", | ||
"args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }, | ||
"args_path": "/idp/", | ||
"args_store": { "@id": "urn:solid-server:default:ResourceStore" }, | ||
"args_generator": { | ||
"@type": "TemplatedResourcesGenerator", | ||
"templateFolder": "@css:templates/root/empty", | ||
"factory": { "@type": "ExtensionBasedMapperFactory" }, | ||
"templateEngine": { "@type": "HandlebarsTemplateEngine" } | ||
}, | ||
"args_storageKey": "idpContainerInitialized", | ||
"args_storage": { "@id": "urn:solid-server:default:SetupStorage" } | ||
} | ||
} | ||
] | ||
} |
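Review bot: Nothing in this file says which ACL ends up protecting `/idp/`. The container is generated from `@css:templates/root/empty`, which by its name presumably writes no ACL resource, so under WebACL access would fall back to whatever is inherited from the root container. Once the template contents are confirmed, the `comment` should say so, for example `"Creates the /idp/ container without its own ACL; access is inherited from the root ACL unless an operator adds one."` The same applies to the `/.well-known/` initializer in the next file. Separately, `idpContainerInitialized` and the `SetupStorage` reference are set both on the `ConditionalHandler` and again as `args_storageKey`/`args_storage` on its source, so the two copies have to be kept in sync by hand.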
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"@graph": [ | ||
{ | ||
"comment": "Makes sure the .well-known container has the necessary root resources. This is also required for IDP.", | ||
"@id": "urn:solid-server:default:WellKnownContainerInitializer", | ||
"@type": "ConditionalHandler", | ||
"storageKey": "wellKnownContainerInitialized", | ||
"storageValue": true, | ||
"storage": { "@id": "urn:solid-server:default:SetupStorage" }, | ||
"source": { | ||
"@type": "ContainerInitializer", | ||
"args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }, | ||
"args_path": "/.well-known/", | ||
"args_store": { "@id": "urn:solid-server:default:ResourceStore" }, | ||
"args_generator": { | ||
"@type": "TemplatedResourcesGenerator", | ||
"templateFolder": "@css:templates/root/empty", | ||
"factory": { "@type": "ExtensionBasedMapperFactory" }, | ||
"templateEngine": { "@type": "HandlebarsTemplateEngine" } | ||
}, | ||
"args_storageKey": "wellKnownContainerInitialized", | ||
"args_storage": { "@id": "urn:solid-server:default:SetupStorage" } | ||
} | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"@graph": [ | ||
{ | ||
"comment": "Allow everyone to register new pods.", | ||
"@id": "urn:solid-server:default:IdentityProviderAuthorizingHandler", | ||
"AuthorizingHttpHandler:_args_permissionReader": { | ||
"@type": "AllStaticReader", | ||
"allow": true | ||
} | ||
} | ||
] | ||
} |
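Review bot: The `comment` understates what this file does. `AllStaticReader` with `"allow": true` is attached to `IdentityProviderAuthorizingHandler` as a whole, so it grants every permission on every request that handler sees, not only pod registration. An operator choosing between the access configs from the comments alone would not realise that this option turns authorization off for all IDP routes. Suggested wording: `"comment": "Grants all permissions to everyone on every IDP request; use only when the IDP is meant to be fully public."`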
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"import": [ | ||
"files-scs:config/identity/access/initializers/idp.json", | ||
"files-scs:config/identity/access/initializers/well-known.json" | ||
], | ||
"@graph": [ | ||
{ | ||
"comment": "Use the same authorization for IDP components as is used for LDP.", | ||
"@id": "urn:solid-server:default:IdentityProviderAuthorizingHandler", | ||
"AuthorizingHttpHandler:_args_permissionReader": { "@id": "urn:solid-server:default:PermissionReader" } | ||
}, | ||
{ | ||
"comment": "IDP related containers require initialized resources to support authorization.", | ||
"@id": "urn:solid-server:default:ParallelInitializer", | ||
"ParallelHandler:_handlers": [ | ||
{ "@id": "urn:solid-server:default:IdpContainerInitializer" }, | ||
{ "@id": "urn:solid-server:default:WellKnownContainerInitializer" } | ||
] | ||
} | ||
] | ||
} |
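Review bot: With `PermissionReader` shared with LDP, unauthenticated IDP traffic becomes subject to the ACL tree, and the comments do not tell the operator what has to stay publicly accessible. Login, registration and, if it is routed through this handler as the `.well-known` initializer suggests, OIDC discovery are all requested before any credentials exist. An ACL that denies public access to `/idp/` or `/.well-known/` could therefore lock every user out, while a permissive root ACL leaves the IDP as open as it was before this change. I would extend the first `comment`, e.g. `"Use the same authorization for IDP components as is used for LDP. Login and discovery resources must stay accessible to unauthenticated agents; restrict only what should be private, such as registration."` Which paths the handler actually covers is not visible in this file, so that list should be checked against the routing config.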
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
{ | ||
"@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld", | ||
"import": [ | ||
"files-scs:config/app/main/default.json", | ||
"files-scs:config/app/init/default.json", | ||
"files-scs:config/app/setup/disabled.json", | ||
"files-scs:config/http/handler/default.json", | ||
"files-scs:config/http/middleware/websockets.json", | ||
"files-scs:config/http/server-factory/websockets.json", | ||
"files-scs:config/http/static/default.json", | ||
"files-scs:config/identity/access/restricted.json", | ||
"files-scs:config/identity/email/default.json", | ||
"files-scs:config/identity/handler/default.json", | ||
"files-scs:config/identity/ownership/token.json", | ||
"files-scs:config/identity/pod/static.json", | ||
"files-scs:config/identity/registration/enabled.json", | ||
"files-scs:config/ldp/authentication/dpop-bearer.json", | ||
"files-scs:config/ldp/authorization/webacl.json", | ||
"files-scs:config/ldp/handler/default.json", | ||
"files-scs:config/ldp/metadata-parser/default.json", | ||
"files-scs:config/ldp/metadata-writer/default.json", | ||
"files-scs:config/ldp/modes/default.json", | ||
"files-scs:config/storage/backend/file.json", | ||
"files-scs:config/storage/key-value/resource-store.json", | ||
"files-scs:config/storage/middleware/default.json", | ||
"files-scs:config/util/auxiliary/acl.json", | ||
"files-scs:config/util/identifiers/suffix.json", | ||
"files-scs:config/util/index/default.json", | ||
"files-scs:config/util/logging/winston.json", | ||
"files-scs:config/util/representation-conversion/default.json", | ||
"files-scs:config/util/resource-locker/memory.json", | ||
"files-scs:config/util/variables/default.json" | ||
], | ||
"@graph": [ | ||
{ | ||
"comment": [ | ||
"This server uses a file backend and allows restricting the access to IDP components using WebACL.", | ||
"Make sure to read the documentation about the config/identity/access configuration." | ||
] | ||
} | ||
] | ||
} |