diff --git a/reports/README.md b/reports/README.md index f68d18f..6e18c6f 100644 --- a/reports/README.md +++ b/reports/README.md @@ -8,7 +8,8 @@ You find the template [here](template.md). - [Aggregators to improve social media data access across many pods](./aggregators-to-improve-social-media-data-access-across-many-pods.md) - [App that lists apps and tooling](./app-that-lists-apps-and-tooling.md) - [Automatically test performance of each CSS commit](./automatically-test-performance-of-each-css-commit.md) -- [Browser extension intercepting urls to open resources with user-defined app](./browser-extension-intercepting-urls-to-open-resources-with-user-defined-app.md) +- [Browser extension: intercept urls to open resources with user-defined app](./browser-extension-intercepting-urls-to-open-resources-with-user-defined-app.md) +- [Browser extension: replace unauthenticated requests with authenticated Solid requests](./browser-extension-replace-unauthenticated-requests-with-authenticated-solid-requests.md) - [Building, rendering, and viewing forms](./building-rendering-viewing-forms.md) - [Drag & drop form builder to build basic RDF form definition](./drag-drop-form-builder-to-build-basic-rdf-form-definition.md) - [Edit pod files in Visual Studio Code](./edit-pod-files-in-vs-code.md) diff --git a/reports/browser-extension-intercepting-urls-to-open-resources-with-user-defined-app.md b/reports/browser-extension-intercepting-urls-to-open-resources-with-user-defined-app.md index b57b0d4..ed8bb41 100644 --- a/reports/browser-extension-intercepting-urls-to-open-resources-with-user-defined-app.md +++ b/reports/browser-extension-intercepting-urls-to-open-resources-with-user-defined-app.md @@ -1,4 +1,4 @@ -# Browser extension intercepting urls to open resources with user-defined app +# Browser extension: intercept urls to open resources with user-defined app The corresponding challenge is [#45](https://github.com/SolidLabResearch/Challenges/issues/45). 
@@ -49,4 +49,4 @@ None. ## Future work -- Advanced functions implementations might consider creating (N3) rules to decide what app to open based on resources/types. \ No newline at end of file +- Advanced functions implementations might consider creating (N3) rules to decide what app to open based on resources/types. diff --git a/reports/browser-extension-replace-unauthenticated-requests-with-authenticated-solid-requests.md b/reports/browser-extension-replace-unauthenticated-requests-with-authenticated-solid-requests.md new file mode 100644 index 0000000..7c40568 --- /dev/null +++ b/reports/browser-extension-replace-unauthenticated-requests-with-authenticated-solid-requests.md 
@@ -0,0 +1,97 @@ +# Browser extension: replace unauthenticated requests with authenticated Solid requests + +The corresponding challenge is [#67](https://github.com/SolidLabResearch/Challenges/issues/67). + +## Problem + + +A webpage `http://example.com` is only readable by my WebID `https://example.com/card#me`. +We want a browser extension that makes authenticated requests using my WebID. +That way, we don't have to change the webpage `http://example.com` to support a Solid login. + +## Approved solution + + +We developed a [browser extension](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/releases/tag/v1.0.0) +that replaces unauthenticated requests with authenticated Solid requests. +This happens by adding `authentication` and `dpop` headers to requests that +return a [401 status code](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401) when a HEAD request first. +It works in Firefox and +you find a signed version [here](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/releases/download/v1.0.0/solid-authentication-1.0.xpi). +You find a screencast of the extension [here](https://cloud.ilabt.imec.be/index.php/s/QbabTcHkX2J8GHG). + + +We made the following important technological decisions and assumptions: +- The extension only works for GET requests, because this was the use case of the challenge. +You find more information [here](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/tree/24d274d7a3228c7a3ff1748b7dbb25b289ada82b#get-requests-only). +- The extension only works with WebIDs that use the Community Solid Server (>= v4.0.0) as identity provider, +because the extension relies on the [Client Credentials API](https://communitysolidserver.github.io/CommunitySolidServer/5.x/usage/client-credentials/). 
+You find more information [here](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/tree/24d274d7a3228c7a3ff1748b7dbb25b289ada82b#client-credentials). +We are looking into supporting [Solid-OIDC](https://solidproject.org/TR/oidc) for the next version. + +## User flow + + + +### Actors/actresses + +- Browser extension +- User of the extension + +### Preconditions + +- The user has installed +[v1 of the extension](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/releases/tag/v1.0.0) in the browser. +- The user has a WebID and pod. + You can create both for testing via the [Pod Playground of SolidLab](https://pod.playground.solidlab.be/). +- The pod has a resource that is publicly accessible, for example `https://example.com/public`. +- The pod has a resource that is only accessible with the user's WebID, for example `https://example.com/private`. + + +### Steps + +1. The user browses to `https://example.com/public` and sees the content of the page. +Note that the user did not log in with the extension yet. +2. The user browses to `https://example.com/private` and +can't see the content of the page. +3. The user logs in with the extension. +4. The user browses to `https://example.com/public` and +can still see the content of the page. +5. The user browses to `https://example.com/private` and +can now also see the content of the page. + +### Postconditions + +None. + +## Follow-up actions + + +- What are the security issues of letting the extension adjusting the authentication headers of every request? +- Support Solid apps to access information about the logged-in user ([issue](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/issues/36)). +- Support Solid-OIDC ([issue](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/issues/30)). 
+- Support other HTTP methods, such as POST ([issue](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/issues/14)) and PUT. +- Support Google Chrome ([issue](https://github.com/KNowledgeOnWebScale/solid-authentication-browser-extension/issues/5)). + +## Future work + + +None.
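Review bot: In the two added list entries of `reports/README.md`, and in the renamed heading of the existing browser-extension report, "urls" should be written "URLs" to match normal usage for the acronym. The new "Browser extension:" prefix groups the two reports well; the link targets are unchanged, so nothing else needs to move.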
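Review bot: In the "Approved solution" section of the new report, the sentence "adding `authentication` and `dpop` headers" names a header that does not exist in HTTP; a DPoP-bound access token is sent in the `Authorization` request header together with the `DPoP` proof header, so the text should read "adding `Authorization` and `DPoP` headers". The same sentence ends with "when a HEAD request first", which is missing its verb and leaves the order of operations unclear; please complete it, for example "when a HEAD request is made first". In "Problem", the protected page is given as `http://example.com` while the WebID and the later examples use `https://`; since the extension attaches credentials to the request, the example should be `https://` as well. In "Follow-up actions", "letting the extension adjusting" should be "adjust", and this security question is the only item without a linked issue; it would help to open one and to state in the report whether the headers are added for any origin that answers 401 or only for selected ones.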