Merge pull request #1675 from solid/oidcScopesSupported

OIDC scopes supported

Author: bourgeoa

default-templates/new-account/profile/card$.ttl

@@ -17,6 +17,7 @@
 
     solid:account </> ;  # link to the account uri
     pim:storage </> ;    # root storage
+    solid:oidcIssuer <{{idp}}> ; # identity provider
 
     ldp:inbox </inbox/> ;
 

lib/models/account-manager.js

@@ -334,9 +334,9 @@ class AccountManager {
       name: userData.name,
       externalWebId: userData.externalWebId,
       localAccountId: userData.localAccountId,
-      webId: userData.webid || userData.webId || userData.externalWebId
+      webId: userData.webid || userData.webId || userData.externalWebId,
+      idp: this.host.serverUri
     }
-
     if (userConfig.username) {
       userConfig.username = userConfig.username.toLowerCase()
     }
@@ -360,6 +360,9 @@ class AccountManager {
     } else { // no username - derive it from web id
       if (userConfig.externalWebId) {
         userConfig.username = userConfig.externalWebId
+
+        // TODO find oidcIssuer from externalWebId
+        // removed from idp https://github.com/solid/node-solid-server/pull/1566
       } else {
         userConfig.username = this.usernameFromWebId(userConfig.webId)
       }

lib/models/account-template.js

@@ -75,7 +75,8 @@ class AccountTemplate {
     const substitutions = {
       name: userAccount.displayName,
       webId: userAccount.webId,
-      email: userAccount.email
+      email: userAccount.email,
+      idp: userAccount.idp
     }
 
     return substitutions

lib/models/user-account.js

@@ -24,6 +24,7 @@ class UserAccount {
     this.email = options.email
     this.externalWebId = options.externalWebId
     this.localAccountId = options.localAccountId
+    this.idp = options.idp
   }
 
   /**

package-lock.json

@@ -61,8 +61,8 @@
   "dependencies": {
     "@fastify/busboy": "^1.0.0",
     "@solid/acl-check": "^0.4.5",
-    "@solid/oidc-auth-manager": "^0.24.1",
-    "@solid/oidc-op": "0.11.5",
+    "@solid/oidc-auth-manager": "^0.24.2",
+    "@solid/oidc-op": "^0.11.6",
     "async-lock": "^1.3.0",
     "body-parser": "^1.19.1",
     "bootstrap": "^3.4.1",
@@ -108,7 +108,7 @@
     "text-encoder-lite": "^2.0.0",
     "the-big-username-blacklist": "^1.5.2",
     "ulid": "^2.3.0",
-    "urijs": "^1.19.7",
+    "urijs": "^1.19.10",
     "uuid": "^8.3.2",
     "valid-url": "^1.0.9",
     "validator": "^13.7.0",

package.json

@@ -132,6 +132,8 @@ describe.skip('AccountManager', () => {
         .then(() => {
           const profile = fs.readFileSync(path.join(accountDir, '/profile/card$.ttl'), 'utf8')
           expect(profile).to.include('"Alice Q."')
+          expect(profile).to.include('solid:oidcIssuer')
+          expect(profile).to.include('<https://localhost:8443>')
 
           const rootAcl = fs.readFileSync(path.join(accountDir, '.acl'), 'utf8')
           expect(rootAcl).to.include('<mailto:alice@')

test/integration/account-manager-test.js

@@ -50,6 +50,8 @@ describe.skip('AccountTemplate', () => {
         .then(() => {
           const profile = fs.readFileSync(path.join(accountPath, '/profile/card$.ttl'), 'utf8')
           expect(profile).to.include('"Alice Q."')
+          expect(profile).to.include('solid:oidcIssuer')
+          expect(profile).to.include('<https://example.com>')
 
           const rootAcl = fs.readFileSync(path.join(accountPath, '.acl'), 'utf8')
           expect(rootAcl).to.include('<mailto:alice@')

test/integration/account-template-test.js

@@ -17,6 +17,8 @@
 
     solid:account </> ;  # link to the account uri
     pim:storage </> ;    # root storage
+    solid:oidcIssuer <{{idp}}> ; # identity provider
+
 
     ldp:inbox </inbox/> ;
 

test/resources/accounts-acl/config/templates/new-account/profile/card

@@ -1,6 +1,10 @@
 {
   "issuer": "https://localhost:7777",
   "jwks_uri": "https://localhost:7777/jwks",
+  "scopes_supported": [
+    "openid",
+    "offline_access"
+  ],
   "response_types_supported": [
     "code",
     "code token",