New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Add webid claim to webid scope #1040
Conversation
It does break some things. Was testing Penny and logging in no longer worked with this change:
It makes sense that Penny doesn't get the |
See #1041 |
Is penny just using an older version of the auth client perhaps, @Vinnl? |
"Sets all the relevant oidc parameters.", | ||
"webid claim is in openid scope until an official scope has been decided: https://github.com/solid/authentication-panel/issues/86" | ||
], | ||
"comment": "Sets all the relevant oidc parameters.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"comment": "Sets all the relevant oidc parameters.", | |
"comment": "Sets all the relevant Solid-OIDC parameters.", |
@RubenVerborgh I don't know what "old" is, but it currently has defined the version range Did Solid/CSS have breaking authn changes again since April? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Note that the line at https://github.com/solid/community-server/pull/1040/files#diff-9732c16d61c118aef1a2a2594763b5731a7fe9fdc60ae2b351cc6369a362205bR24 (solid_oidc_supported
) is no longer required by the Solid-OIDC draft. There is no harm in leaving it in place, but discovery now happens via the mechanism added here (webid
scope)
Also a note in passing about https://github.com/solid/community-server/pull/1040/files#diff-9732c16d61c118aef1a2a2594763b5731a7fe9fdc60ae2b351cc6369a362205bR29 (dPoP ... draft-01
) the current DPoP draft is at version 04
The authn spec is still evolving; we follow it closely.
That seems old indeed; on normal npm installs, the latest version would be chosen with that range. But given that Penny is precompiled with the package-lock versions, it seems to be an old version indeed. |
@joachimvh Let's add that clearly as a comment in our config. |
Do you know if there were breaking changes since April, and which version of SCAB is compatible with those changes? I can push an update, but the newer the version the more work it'll be, so if I can narrow it down to a smaller upgrade I can do it more quickly :) |
I do not; perhaps @NSeydoux does.
It's a semver.minor, so should not be any work apart from updating package-lock. |
I just merged inrupt/solid-client-authn-js@e9e89f7 to add the
There has been some changes in the spec, not all of which is reflected in |
Closes #1038.
I don't think this breaks anything for older versions but there might be a case I'm not aware of.