Follow up migration of solid auth to DPoP

[bourgeoa]

Today's solid-team meeting has decided an action on this subject.
@ewingson I proposed you be part of this.

The purpose of this issue is to organise the follow up and support to migrate solid apps from legacy to DPoP authorization.

The main tasks could be

1. apps Inventory.
   • First basis from Aad Versteden https://bourgeoa.solidcommunity.net/public/todo/solid%20auth%20migration.html
   • should include https://solidproject.org/developers/tools/
2. prepare a small paper explaining the change and the motivation for migration
   • DPoP is replacing legacy
   • library https://github.com/inrupt/solid-client-authn-js
3. make a small list of examples
   • https://github.com/0dataapp/helloworld/solid/
   • mediakraken, penny, SolidOS webApp
   • getting a cookie see https://github.com/jeff-zucker/solid-node-client
4. contact the authors to explain the change (create issue with links to point 3. and 4.)
5. make the follow up (reminders)

Pod ressources

https://solidproject.solidcommunity.net could be used for the follow up
https://solidweb.me could be used to test the apps

As dog food

• @jeff-zucker or @theRealImy could we have a ui-elements app for the follow up ?
  The app will link : author - app - auth status - follow history
• @timbl could the tracker pane be used for that kind of project

[jeff-zucker]

@bourgeoa - yes, for sure, if you have an RDF source for app information, I can make you a playground where you can experiment generating various different HTML outputs from it.

[ewingson]

@bourgeoa

so a first step would be to synchronize https://bourgeoa.solidcommunity.net/public/todo/solid%20auth%20migration.html and https://solidproject.org/developers/tools/ ?

I just took the codebase and put it online on https://solidweb.me and https://solidweb.org and am not actively developing (as you all know).

I for sure 'd be glad to help, but a small action item would be helpful.
I have been just taking orders doing my job and have psychological experience which makes it hard to think in technical aims (seeing a target) for me.

what can I do ? how can I help ? how do we grow as a group and a community ?

is it correct NSS and CSS both support DPoP atm ?

I will update solidweb.me as soon as the 3.0 is out and know for sure penny is working with CSS.

[bourgeoa]

@ewingson The first post in this issue lists the manual tasks to be done :

• point 5. is the objective : a list of apps with an indication of status :
  • DPoP status --> yes/no/issue created/will not migrate/...
  • status date
• actions :

1. create a model of issue the can be pasted in each github/gitlab repo
2. at the same time prepare a mardown table of apps : with 3 columns

| name/url | DPoP status | date |

3. then when the issue model is OK. create the issues

This is not a very high level work but useful.
@ewingson Are you part of it ? We can continue to discuss in private.

[bourgeoa]

Table to post on https://solidproject.solidcommunity.net/Team/dpop-migration/applist.md when access authorized.

name/url	DPoP status	date
solid-ide	no	2022-01-14
mediacraken	yes	2021

[bourgeoa]

Project of issue to paste in each app repo

issue title : migrate legacy auth to DPoP
issue content :

• purpose and motivation
• examples and useful links

[ewingson]

@bourgeoa

I'm perfectly well with speaking here.
yeah I'm part of it.
so to check are all apps in the Links of 1.
a) can we assume DPoP is working when able to log in with CSS ? are there cases DPoP on NSS is working and CSS not ?

b) https://solidproject.solidcommunity.net/Team/dpop-migration/applist.md gives a 401/403 when logging in with my solidweb account.

c) to summarize: how do I decide if DPoP status is yes or no ?
-- I'll help to create the table in a first step and THEN / in a second step we would create the issues ?

did I understand ?

[ewingson]

p.s.: I as well could create the table either on my private pod or in my github repo and when done copy it over, case I get access... just an idea...

[bourgeoa]

@ewingson Yes please do. Just give me the link and read/write access so that I can also come to help. My webId https://bourgeoa.solidcommunity.net/profile/card#me

[ewingson]

@bourgeoa

and CSS login works means status yes.
what if NSS works, CSS not ? then would be a no ?

I've created an md-file, have to check the syntax https://testpro.solidweb.org/public/team/dpop.md (is public)

[bourgeoa]

a) yes for CSS, for NSS you may not know easily
b) we are waiting for to @theRealImy
c) we can discuss it if you doubt.

[bourgeoa]

https://testpro.solidweb.org/public/team/dpop.md can you give me write access.

[ewingson]

would I modify the acl manually for that ?
with which of your accounts ?

[ewingson]

@bourgeoa I've given you owner rights per drag and drop for your solidcommunity.net account

[ewingson]

@bourgeoa

we could insert another column, so that we have two links for each app, one for the live-access and one for the github repo:

| name/URL | github repo | DPoP auth | date |
| | | | |
| [solid-ide](https://jeff-zucker.github.io/solid-ide/) |  https://github.com/jeff-zucker/solid-ide | no? | 2022-01-15 |

What do you think ?

[bourgeoa]

Usually the repo has a link to a live accès. So I would not generalize now.

[ewingson]

good teamwork, @bourgeoa !

I've set all the links in https://testpro.solidweb.org/public/team/dpop.md to the respective github repos, except for penny, that's on gitlab.
am slowly gathering more stuff, piece by piece.

[ewingson]

@bourgeoa @theRealImy @timbl @jeff-zucker

our list (link above) is not yet fully populated, but I think I've covered a good start.
Although it's not my mother tongue I've created a small issue text (far from perfect, if any native speaker wants to take that part ?). I'll paste it below.

We on Solid recently had an update from legacy auth to the use of a DPoP Token.
We noticed that your app (URL to repo) still is using the old auth.
We'd like to encourage you to switch to the new auth using the Demonstrating Proof of Posession technology.
Our motivation for the update was using the standard OIDC-way.
The new library can be found at https://github.com/inrupt/solid-client-authn-js
An example of an app using the DPoP mechanism can be found here https://github.com/0dataapp/hello/tree/main/solid
On https://github.com/jeff-zucker/solid-node-client you'll find informations about getting a cookie.

Just let us know if we can assist you on switching your app at (link to gitter room/(which one?)/forum)
*
What do you think ?

[jeff-zucker]

I'd replace the lines from "The new library can be found... to the next blank line with this:

Javascript libraries using the new authentication methods include Inrupt's solid-client-authn-browser for the browser and solid-client-authn-node and solid-node-client for nodejs. To obtain a token for nodejs app login, you will also need Inrupt's generate-oidc-token.

See also authentication libraries for other languages.

[jeff-zucker]

Also for future reference - please never link to the archived versions of Solid-Node-Client or Solid Rest in my repo. Link instead to the live versions in the solid repo.

[bourgeoa]

@ewingson I opened https://solidproject.solidcommunity.net/Team/dpop-migration/ with Read/Write to The team group, me and you
We shall continue there please.
You can log in with https://ewingson.solidcommunity.net/profile/card#me

There are 2 files :

• dpop-status for list of apps (with a copy of the original from testpro
• issue-proposal for a proposed text issue to the non DPoP apps (from your proposal and jeff's comments

[ewingson]

@bourgeoa I've proposed two little changes...
marked with ori ... new ... end but the readability is not good therefor.
do you agree to the changes ?
[edit] now we've covered https://solidproject.org/developers/tools/ , the showcase of https://solidproject.org/apps and some of @madnificent 's list, which is an extraction of 2. . maybe we ask @timbl and @theRealImy if the issue text is okay ?

[bourgeoa]

@ewingson ok good job. Changes approved. You can also remove everything after end
If there are no more comments. We can raise the issues in the app repos.

Please update the app-status so we can follow the job advancement. Thanks 👍

[ewingson]

@bourgeoa

issue text updated.
we have 32 apps of which 21 need to be addressed. shall we wait for @timbl / @theRealImy to approve (don't know though how to request review, this is an issue and not a PR, but when they're tagged, they will notice) or shall we proceed creating the issues ?

one more thing comes to my mind, what will the headline be ?

Request for updating your app to DPoP auth from the Solid Team ? does that sound good ?

and maybe a greeting formula ? Kind regards from the Solid Team ?

[bourgeoa]

You can proceed. I will not be available today.
Issue title : update to DPoP authentication. Legacy being deprecated
Greetings, I would prefer simply : From solid team

Simply remove:

• request ... This is too much authoritative
• for other languages .... We don't have anything to propose

[ewingson]

@bourgeoa okay as perfectionist (I wanna do it right) "From the Solid Team" or "from solid team" or "From solid team" (uppercase/lowercase, "the") ? [edit] I'll proceed with "From solid team" as we are kinda unofficial

[ewingson]

21 issues created. an example on github is jaxoncreed/o-edit#13 and on gitlab is https://gitlab.com/vincenttunru/notepod/-/issues/7 . still not 100% convinced cause I've naturally copy/pasted them from the proposal and there are newlines between the sentences. but now they're out. can be closed.

[jeff-zucker]

Just out of curiosity - why did I get an issue on Solid File Cient? Is it because the documentation is not updated? The library works completely fine with the new auth and is, in fact, agnostic about the auth library.

[ewingson]

then please excuse me, I thought I tested it with CSS. maybe was the mistake, that I wasn't aware that it's agnostic. I'll update the status immediately.

[bourgeoa]

@jeff-zucker it relates to the demo https://jeff-zucker.github.io/solid-file-client/docs/examples/

[jeff-zucker]

Okay, no problem either way, you guys are doing a great job, thanks.

[timea-solid]

I can only agree with @jeff-zucker anf it looks good to me!

[bourgeoa]

@ewingson to have a follow-up we need to track the issue posted to the source app repo.
We may put something like issue#issueNumber in the comment in app-status row of the app.
What do you think ? If you have a better idea ?

May be it is not needed if you posted to all apps. We may just replace no by issue or issue raised. That is simpler.
We may have more apps. I have to look around.

[ewingson]

yeah sounds good. will be the first I do in the morning.

[ewingson]

I have left the issue numbers of the addressed apps in the comments.

[timea-solid]

I have updated the App list to include all Apps we found in different lists: see apps status v2.0.md
I also added 2 new columns which help us in preparing to move to CSS.