Application Registration#

New in version 2.0.

By default, ESS’ Broker Service supports static registration of client applications. Using the Application Registration feature, users can statically register their applications to receive client credentials (i.e., Client ID and Client Secret).

With these client credentials, your applications can perform an authentication flow without requiring browser-based user interactions with the Identity Provider.


Safeguard your Client ID and Client Secret values. Do not share these with any third parties as anyone with your Client ID and Client Secret values can impersonate you and act fully on your behalf.


  1. Go to the Application Registration page; e.g., https://openid.<ESSDOMAIN>/registration.html.

  2. If not already logged in, you will redirect to the login page. Log in with your username and password.

  3. In the Register an app textbox, enter your application’s name and click Register.

  4. The Client ID and Client Secret for your application appears under Apps You’ve Registered list.


    • You can register up to 10 applications.

    • You can delete an application’s registration by clicking on the three-dot icon and selecting Delete app from the menu.

Authenticate with Client Credentials#

Once you have registered the application, you can use its client credentials in the application’s login code.


To create an ACP policy that allows your registered client to access your Pod data, see Create Policy for Client Applications.

You can use the registered client credentials to login with the @inrupt/solid-client-authn-node library. Once logged in, your application can perform authenticated operations:

const { Session } = require("@inrupt/solid-client-authn-node");
const { getSolidDataset } = require("@inrupt/solid-client");

const session = new Session();

// Call loginAndRead with your Client ID and Secret
function loginAndRead(myClientId, myClientSecret) {
  try {
    // Log in using the credentials from the registered client.
        clientId: myClientId,
        clientSecret: myClientSecret,
        oidcIssuer: "https://openid.<ESS Domain>"
      .then(() => {
        if ( {
"INFO::::::::: Logged In with Client Credentials.");

          // Perform some operation
          getMyData("<Your Resource URL to fetch>");
  } catch (err) {

function getMyData(url) {
  getSolidDataset(url, { fetch: session.fetch })
    .then((response) => {
      // Various Processing


To disable the Register an Application feature, set INRUPT_OPENID_CATALOG_DISABLED to true.