For applications implementing Authorization Code Flow:
The application starts the login process by sending the user to the user’s Solid Identity Provider.
The user logs in to the Solid Identity Provider.
The Solid Identity Provider sends the user back to your application, where the application handles the returned authentication information to complete the login process.
For applications implementing Client Credentials flow:
The application (such as a single-user script) logs in, on behalf of the user who registered the client, by sending its client credentials to its Solid Identity Provider (i.e., where the user registered the client).
The Solid Identity Provider returns the tokens to the app.
Inrupt Client Libraries#
Inrupt provides the following libraries for authentication:
solid-client-authn-browserto authenticate in a browser.
solid-client-authn-nodeto authenticate in Node.js.
Note about Client Registration
OpenID Connect and OAuth 2.0 require applications to be registered before the applications can login users with OpenID Connect or request OAuth 2.0 access tokens. Solid-OIDC specification builds upon the OpenID Connect standards, which itself builds on the OAuth 2.0 authorization framework. As such, Solid applications must be registered with the Solid Identity Provider.
Inrupt’s client libraries provide
login APIs that can handle the
client registration (via dynamic registration of the client or via
Solid-OIDC registration using a Client ID document). Additionally, if
a user has statically/manually registered a client for client
credentials authentication flow, the
login APIs can use the
client credentials to login on behalf of the user.