Solid-OIDC Client IDs
Solid-OIDC Client Identifiers (Client IDs) are URIs that dereference to a JSON-LD document, namely the Client ID document.
The Client ID document is a JSON-LD document with:
A @context value of https://www.w3.org/ns/solid/oidc-context.jsonld.
Fields conformant to an OIDC client registration.
For example, the following sample JSON-LD document may be found by dereferencing the Client ID https://my-app.example.com/myappid.jsonld:
{
  "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
  "client_id": "https://my-app.example.com/myappid.jsonld",
  "redirect_uris": ["https://my-app.example.com/callbackAfterLogin"],
  "client_name": "My Sample App",
  "client_uri": "https://my-app.example.com/",
  "logo_uri": "https://my-app.example.com/logo.png",
  "tos_uri": "https://my-app.example.com/terms.html",
  "policy_uri": "https://my-app.example.com/policy.html",
  "contacts": ["[email protected]"],
  "scope": "openid offline_access webid",
  "grant_types": ["refresh_token", "authorization_code"],
  "post_logout_redirect_uris": [
    "https://my-app.example.com/"
  ]
}
@context
The context for the JSON-LD document. The expected @context value is https://www.w3.org/ns/solid/oidc-context.jsonld.
client_id
A string containing the application's Client Identifier.
redirect_uris
An array containing URIs where the Solid Identity Provider may redirect the user to complete the login process.
scope
A string containing a space-delimited list of OAuth2.0 scopes your application is allowed to request. OAuth2.0 scopes include:
openid
openid is mandatory.
offline_access
Include offline_access to be issued refresh tokens. For the definition of offline_access scope, see OpenID Connect: Offline Access.
webid
webid is mandatory.
Custom values may also be specified.
grant_types
An array of OAuth 2.0 grant types that the client can use at the authorization server's token endpoint.
"authorization_code"
The default authentication flow, based on redirections between the application and the Solid Identity Provider.
"refresh_token"
The flow where a refresh token is used to "refresh" an expired session. Used for apps that have declared the offline_access scope (i.e., discouraged for in-browser apps).
For additional values, see the grant_types definition in https://datatracker.ietf.org/doc/html/rfc7591#section-2.
client_name
Optional. A string containing a user-friendly name for the application.
client_uri
Optional. A string containing the application's homepage URI.
logo_uri
Optional. A string containing the URI where the application's logo is available.
tos_uri
Optional. A string containing the URI where the application's terms of service are available.
policy_uri
Optional. A string containing the URI where the application's privacy policy is available.
contacts
Optional. An array of contact information for the application.
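The field rules above can be checked mechanically on a fetched Client ID document, for example by a Solid Identity Provider or in a deployment pipeline. The following is an added example, not code from the original page or from any Solid library; the function names, the requirement that client_id equal the dereferenced URI, and the offline_access/refresh_token consistency check are assumptions drawn from the sample and field descriptions.

```javascript
// Added example: hypothetical validator, not part of any Solid library.
const SOLID_OIDC_CONTEXT = "https://www.w3.org/ns/solid/oidc-context.jsonld";
function isAbsoluteUrl(value) {
  if (typeof value !== "string") return false;
  try { new URL(value); return true; } catch { return false; }
}
// Returns a list of problems; an empty list means the document passed.
function validateClientIdDocument(fetchedFrom, doc) {
  const problems = [];
  const contexts = [].concat(doc["@context"] ?? []);
  if (!contexts.includes(SOLID_OIDC_CONTEXT)) problems.push("@context is not the Solid-OIDC context");

  // Assumption: client_id must equal the URI the document was fetched from,
  // as in the page's sample, so a document cannot describe a Client ID it is not served at.
  if (doc.client_id !== fetchedFrom) problems.push("client_id does not match the dereferenced URI");

  const redirects = doc.redirect_uris;
  if (!Array.isArray(redirects) || redirects.length === 0 || !redirects.every(isAbsoluteUrl)) {
    problems.push("redirect_uris must be a non-empty array of absolute URIs");
  }

  const scopes = typeof doc.scope === "string" ? doc.scope.split(" ").filter(Boolean) : [];
  for (const required of ["openid", "webid"]) {
    if (!scopes.includes(required)) problems.push(`scope is missing ${required}`);
  }

  // Consistency check (assumption): refresh tokens need both the scope and the grant type.
  const grants = Array.isArray(doc.grant_types) ? doc.grant_types : [];
  if (scopes.includes("offline_access") !== grants.includes("refresh_token")) {
    problems.push("offline_access scope and refresh_token grant are not declared together");
  }
  return problems;
}
// Exact string comparison: no prefix, wildcard or normalised matching.
function isRegisteredRedirect(doc, requestedUri) {
  return Array.isArray(doc.redirect_uris) && doc.redirect_uris.includes(requestedUri);
}

// Constructed sample input, modelled on the document shown on this page.
const sampleUrl = "https://my-app.example.com/myappid.jsonld";
const sample = {
  "@context": SOLID_OIDC_CONTEXT,
  client_id: sampleUrl,
  redirect_uris: ["https://my-app.example.com/callbackAfterLogin"],
  scope: "openid offline_access webid",
  grant_types: ["refresh_token", "authorization_code"],
};
console.log(validateClientIdDocument(sampleUrl, sample));
```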