Solid-OIDC Client IDs

Solid-OIDC Client Identifiers (Client IDs) are URIs that dereference to a JSON-LD document, namely the Client ID document.

The Client ID document is a JSON-LD document with:

For example, the following sample JSON-LD document may be found by dereferencing the Client ID https://my-app.example.com/myappid.jsonld:

{
  "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
  "client_id": "https://my-app.example.com/myappid.jsonld",
  "redirect_uris": ["https://my-app.example.com/callbackAfterLogin"],
  "client_name": "My Sample App",
  "client_uri": "https://my-app.example.com/",
  "logo_uri": "https://my-app.example.com/logo.png",
  "tos_uri": "https://my-app.example.com/terms.html",
  "policy_uri": "https://my-app.example.com/policy.html",
  "contacts": ["[email protected]"],
  "scope" : "openid offline_access webid",
  "grant_types" : ["refresh_token","authorization_code"],
  "post_logout_redirect_uris": [
    "https://my-app.example.com/"
  ]
}
Field
Description

@context

The context for the JSON-LD document. The expected @context value is https://www.w3.org/ns/solid/oidc-context.jsonld.

client_id

A string containing the application's Client Identifier.

redirect_uris

An array containing URIs where the Solid Identity Provider may redirect the user to complete the login process.

Tip: To test with a locally running application during development, you can specify the localhost URL (i.e., https://localhost:<port>) in both:
• the redirect_uris in the Client Identifier, and
• the redirectUrl in the application's login() call.

scope

A string containing a space-delimited list of OAuth 2.0 scopes your application is allowed to request. OAuth 2.0 scopes include:

• openid: openid is mandatory.
• offline_access: Include offline_access to be issued refresh tokens. For the definition of the offline_access scope, see OpenID Connect: Offline Access.
• webid: webid is mandatory.

Custom values may also be specified.

grant_types

An array of OAuth 2.0 grant types that the client can use at the authorization server's token endpoint.

For additional values, see the grant_types definition in https://datatracker.ietf.org/doc/html/rfc7591#section-2.

• "authorization_code": The default authentication flow, based on redirections between the application and the Solid Identity Provider.
• "refresh_token": The flow where a refresh token is used to "refresh" an expired session. Used for apps that have declared the offline_access scope (i.e., discouraged for in-browser apps).

client_name

Optional. A string containing a user-friendly name for the application.

client_uri

Optional. A string containing the application's homepage URI.

logo_uri

Optional. A string containing the URI where the application's logo is available.

tos_uri

Optional. A string containing the URI where the application's terms of service are available.

policy_uri

Optional. A string containing the URI where the application's privacy policy is available.

contacts

Optional. An array of contact information for the application.

Tip: For additional fields to include in the document, as well as more information on the aforementioned fields, see RFC7591.
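
The field rules above can be checked before a Client ID document is published. The following is an added example, not code from the Solid project or any library: checkClientIdDocument is a hypothetical helper, and it assumes the Solid Identity Provider compares redirect URIs by exact string match.

```javascript
// Added example; checkClientIdDocument is a hypothetical helper, not a library API.
const SOLID_OIDC_CONTEXT = "https://www.w3.org/ns/solid/oidc-context.jsonld";

function checkClientIdDocument(doc, fetchedFrom, loginRedirectUrl) {
  const problems = [];
  // In JSON-LD, @context may be a single string or an array of contexts.
  if (![].concat(doc["@context"] ?? []).includes(SOLID_OIDC_CONTEXT)) {
    problems.push("@context is not the expected Solid-OIDC context");
  }
  // As in the page's sample, client_id is the URI that dereferences to this document.
  if (doc.client_id !== fetchedFrom) {
    problems.push("client_id differs from the URI the document was fetched from");
  }
  const redirects = Array.isArray(doc.redirect_uris) ? doc.redirect_uris : [];
  if (redirects.length === 0) {
    problems.push("redirect_uris is missing or empty");
  } else if (!redirects.includes(loginRedirectUrl)) {
    // Assumption: exact string comparison, so no prefix or wildcard matching.
    problems.push("login() redirectUrl is not listed in redirect_uris");
  }
  const scopes = typeof doc.scope === "string" ? doc.scope.split(" ").filter(Boolean) : [];
  for (const required of ["openid", "webid"]) {
    if (!scopes.includes(required)) problems.push(`scope lacks mandatory "${required}"`);
  }
  // Refresh tokens are only issued when offline_access is declared.
  const grants = Array.isArray(doc.grant_types) ? doc.grant_types : [];
  if (grants.includes("refresh_token") && !scopes.includes("offline_access")) {
    problems.push("refresh_token grant declared without the offline_access scope");
  }
  return problems;
}

// Constructed input: the sample document from this page, reduced to the checked fields.
const sampleDoc = {
  "@context": SOLID_OIDC_CONTEXT,
  client_id: "https://my-app.example.com/myappid.jsonld",
  redirect_uris: ["https://my-app.example.com/callbackAfterLogin"],
  scope: "openid offline_access webid",
  grant_types: ["refresh_token", "authorization_code"],
};

console.log(checkClientIdDocument(sampleDoc, sampleDoc.client_id, sampleDoc.redirect_uris[0]));
// Constructed misconfiguration: scope reduced to "openid", and a localhost
// redirect used in login() that was never added to redirect_uris.
console.log(checkClientIdDocument({ ...sampleDoc, scope: "openid" }, sampleDoc.client_id,
  "https://localhost:3000/"));
```

An empty array means the document is consistent with the rules on this page; each string in a non-empty result names one mismatch to fix before the identifier is used in login().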
