While trying to fix solid-flask I've noticed that ESS requires a basic auth with (client_id, client_secret) to retrieve access tokens at the token_endpoint. As far as I've seen this behaviour is not discussed in the Primer.
I don't have a good overview of Solid-OIDC yet, but I think in the specification it is this part that requires (client_id, client_secret) for the token request: https://solid.github.io/solid-oidc/#tokens
Assuming one of the following options
- Client ID and Secret, and valid DPoP Proof (for dynamic and static registration)
- Dereferencable Client Identifier with a proper Client ID Document and valid DPoP Proof (for a Solid client identifier)
the OP MUST return A DPoP-bound OIDC ID Token.
It could be helpful to point this out in the primer, so implementations don't miss this. It also worked without the basic auth on NSS, which makes it trickier to catch if one does not test the solid-oidc client with more server implementations.
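Added example (not part of the issue above, and not code from solid-flask, ESS or NSS): one way for a Solid-OIDC client to choose the token-endpoint client authentication from the OP's discovery metadata rather than from what a single server happens to tolerate. The function names, the sample endpoint and the placeholder DPoP proof string are assumptions; creating and signing the DPoP proof is not shown.

```python
import base64
from urllib.parse import quote_plus, urlencode


def basic_auth_header(client_id, client_secret):
    """client_secret_basic per RFC 6749 section 2.3.1: form-urlencode both
    values, join with ':', then base64-encode the pair."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(op_metadata, client_id, client_secret, code,
                        code_verifier, redirect_uri, dpop_proof):
    """Return (url, headers, body) for an authorization_code token request.

    op_metadata is the parsed OP discovery document; dpop_proof is an
    already signed DPoP proof JWT (hypothetical input, not built here).
    """
    # OIDC Discovery: if the OP omits this field, client_secret_basic applies.
    methods = op_metadata.get("token_endpoint_auth_methods_supported",
                              ["client_secret_basic"])
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "DPoP": dpop_proof}
    form = {"grant_type": "authorization_code", "code": code,
            "code_verifier": code_verifier, "redirect_uri": redirect_uri}
    if client_secret is None:
        # Client ID Document case: no secret, the identifier goes in the body.
        form["client_id"] = client_id
    elif "client_secret_basic" in methods:
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    elif "client_secret_post" in methods:
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"no supported client authentication in {methods}")
    return op_metadata["token_endpoint"], headers, urlencode(form)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real server.
    meta = {"token_endpoint": "https://op.example/token",
            "token_endpoint_auth_methods_supported": ["client_secret_basic"]}
    url, headers, body = build_token_request(
        meta, "client-123", "s3cr3t", "CODE", "VERIFIER",
        "https://app.example/callback", "<dpop-proof-jwt>")
    print(url, headers, body, sep="\n")
```

Running the same client against an OP that advertises only `client_secret_post`, and against one that omits the field, exercises the branches that a single-server test would miss.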