Solid-OIDC Client IDs

Solid-OIDC Client Identifiers (Client IDs) are URIs that dereference to a JSON-LD document, namely the Client ID document.

The Client ID document is a JSON-LD document with:

  • A @context value of https://www.w3.org/ns/solid/oidc-context.jsonld.

  • Fields conformant to an OIDC client registration.

For example, the following sample JSON-LD document may be found by dereferencing the Client ID https://my-app.example.com/myappid.jsonld:

{
  "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
  "client_id": "https://my-app.example.com/myappid.jsonld",
  "redirect_uris": ["https://my-app.example.com/callbackAfterLogin"],
  "client_name": "My Sample App",
  "client_uri": "https://my-app.example.com/",
  "logo_uri": "https://my-app.example.com/logo.png",
  "tos_uri": "https://my-app.example.com/terms.html",
  "policy_uri": "https://my-app.example.com/policy.html",
  "contacts": ["someone@example.com"],
  "scope" : "openid offline_access webid",
  "grant_types" : ["refresh_token","authorization_code"],
  "post_logout_redirect_uris": [
    "https://my-app.example.com/"
  ]
}

Field

Description

@context

The context for the JSON-LD document. The expected @context value is https://www.w3.org/ns/solid/oidc-context.jsonld.

client_id

A string containing the application’s Client Identifier.

redirect_uris

An array containing URIs where the Solid Identity Provider may redirect the user to complete the login process.

Tip

To test with a locally running application during development, you can specify the localhost URL (i.e., https://localhost:<port>) in both:

  • the redirect_uris in the Client Identifier, and

  • the redirectUrl in the application’s login() call.

scope

A string containing a space-delimited list of OAuth 2.0 scopes your application is allowed to request. OAuth 2.0 scopes include:

Scope

Notes

openid

openid is mandatory.

offline_access

Include offline_access to be issued refresh tokens.

For the definition of the offline_access scope, see OpenID Connect: Offline Access.

webid

webid is mandatory.

Custom values may also be specified.

grant_types

An array of OAuth 2.0 grant types that the client can use at the authorization server’s token endpoint.

"authorization_code"

The default authentication flow, based on redirections between the application and the Solid Identity Provider.

"refresh_token"

The flow where a refresh token is used to “refresh” an expired session.

Used by apps that have declared the offline_access scope; this is discouraged for in-browser apps.

For additional values, see the grant_types definition in https://datatracker.ietf.org/doc/html/rfc7591#section-2.

client_name

Optional. A string containing a user-friendly name for the application.

client_uri

Optional. A string containing the application’s homepage URI.

logo_uri

Optional. A string containing the URI where the application’s logo is available.

tos_uri

Optional. A string containing the URI where the application’s terms of service are available.

policy_uri

Optional. A string containing the URI where the application’s privacy policy is available.

contacts

Optional. An array of contact information for the application.

Tip

For additional fields to include in the document as well as more information on the aforementioned fields, see RFC 7591.
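
The field rules above can be checked mechanically before a Client ID document is published. The following is an added example, not code from this page or from any Solid library: the function names, the fetchedFrom parameter, and the rules that client_id equals the serving URL and that redirect URLs match exactly are assumptions for illustration.

```javascript
// Added example (not library code): lint a Client ID document against the field table.
const SOLID_OIDC_CONTEXT = "https://www.w3.org/ns/solid/oidc-context.jsonld";

// `fetchedFrom` is the URL the document was dereferenced from (hypothetical parameter).
// Returns a list of problems; an empty list means every check passed.
function lintClientIdDocument(doc, fetchedFrom) {
  const problems = [];
  // JSON-LD permits @context as a string or an array, so accept both.
  if (![].concat(doc["@context"] ?? []).includes(SOLID_OIDC_CONTEXT))
    problems.push("@context: expected Solid-OIDC context is missing");
  // Assumption: client_id equals the URL that serves the document, as in the sample.
  if (doc.client_id !== fetchedFrom)
    problems.push("client_id: differs from the URL the document was fetched from");
  const uris = Array.isArray(doc.redirect_uris) ? doc.redirect_uris : [];
  if (uris.length === 0) problems.push("redirect_uris: must be a non-empty array");
  for (const uri of uris) {
    try { new URL(uri); } catch { problems.push(`redirect_uris: not an absolute URI: ${uri}`); }
  }
  // scope is one space-delimited string; openid and webid are mandatory.
  const scopes = typeof doc.scope === "string" ? doc.scope.split(" ").filter(Boolean) : [];
  for (const required of ["openid", "webid"])
    if (!scopes.includes(required)) problems.push(`scope: missing mandatory "${required}"`);
  // RFC 7591 defaults grant_types to ["authorization_code"] when the field is omitted.
  const grants = doc.grant_types ?? ["authorization_code"];
  // Consistency check derived from the table: refresh tokens need offline_access and vice versa.
  if (!Array.isArray(grants)) problems.push("grant_types: must be an array");
  else if (grants.includes("refresh_token") !== scopes.includes("offline_access"))
    problems.push("grant_types/scope: refresh_token and offline_access should be declared together");
  return problems;
}

// The redirectUrl passed to login() has to be listed in redirect_uris (exact match assumed).
function isRegisteredRedirect(doc, redirectUrl) {
  return Array.isArray(doc.redirect_uris) && doc.redirect_uris.includes(redirectUrl);
}

// Constructed inputs: the sample document's required fields, then a variant with three mistakes.
const CLIENT_ID_URL = "https://my-app.example.com/myappid.jsonld";
const sampleDoc = {
  "@context": SOLID_OIDC_CONTEXT,
  client_id: CLIENT_ID_URL,
  redirect_uris: ["https://my-app.example.com/callbackAfterLogin"],
  scope: "openid offline_access webid",
  grant_types: ["refresh_token", "authorization_code"],
};
const brokenDoc = { ...sampleDoc, scope: "openid", redirect_uris: ["/callbackAfterLogin"] };
console.log(lintClientIdDocument(sampleDoc, CLIENT_ID_URL)); // []
console.log(lintClientIdDocument(brokenDoc, CLIENT_ID_URL));
```

The second call reports the relative redirect URI, the missing webid scope, and the refresh_token grant declared without offline_access.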