javascript-solid-server 0.0.11 → 0.0.13

package/.claude/settings.local.json

@@ -20,7 +20,13 @@
       "WebFetch(domain:solid-contrib.github.io)",
       "Bash(git clone:*)",
       "Bash(chmod:*)",
-      "Bash(JSS_PORT=4000 JSS_CONNEG=true node bin/jss.js:*)"
+      "Bash(JSS_PORT=4000 JSS_CONNEG=true node bin/jss.js:*)",
+      "Bash(find:*)",
+      "Bash(timeout 5 node:*)",
+      "Bash(npm view:*)",
+      "Bash(npm ls:*)",
+      "Bash(timeout 10 node:*)",
+      "Bash(npm run test:cth:*)"
     ]
   }
 }

package/README.md

@@ -54,7 +54,7 @@ npm run benchmark
 
 ## Features
 
-### Implemented (v0.0.11)
+### Implemented (v0.0.13)
 
 - **LDP CRUD Operations** - GET, PUT, POST, DELETE, HEAD
 - **N3 Patch** - Solid's native patch format for RDF updates
@@ -67,6 +67,7 @@ npm run benchmark
 - **Multi-user Pods** - Create pods at `/<username>/`
 - **WebID Profiles** - JSON-LD structured data in HTML at pod root
 - **Web Access Control (WAC)** - `.acl` file-based authorization
+- **Solid-OIDC Identity Provider** - Built-in IdP with DPoP, dynamic registration
 - **Solid-OIDC Resource Server** - Accept DPoP-bound access tokens from external IdPs
 - **Simple Auth Tokens** - Built-in token authentication for development
 - **Content Negotiation** - Optional Turtle <-> JSON-LD conversion
@@ -132,6 +133,8 @@ jss --help             # Show help
 | `--ssl-cert <path>` | SSL certificate (PEM) | - |
 | `--conneg` | Enable Turtle support | false |
 | `--notifications` | Enable WebSocket | false |
+| `--idp` | Enable built-in IdP | false |
+| `--idp-issuer <url>` | IdP issuer URL | (auto) |
 | `-q, --quiet` | Suppress logs | false |
 
 ### Environment Variables
@@ -274,9 +277,60 @@ Use the token returned from pod creation:
 curl -H "Authorization: Bearer YOUR_TOKEN" http://localhost:3000/alice/private/
 ```
 
-### Solid-OIDC (Production)
+### Built-in Identity Provider (v0.0.12+)
 
-The server accepts DPoP-bound access tokens from external Solid identity providers:
+Enable the built-in Solid-OIDC Identity Provider:
+
+```bash
+jss start --idp
+```
+
+With IdP enabled, pod creation requires email and password:
+
+```bash
+curl -X POST http://localhost:3000/.pods \
+  -H "Content-Type: application/json" \
+  -d '{"name": "alice", "email": "alice@example.com", "password": "secret123"}'
+```
+
+Response:
+```json
+{
+  "name": "alice",
+  "webId": "http://localhost:3000/alice/#me",
+  "podUri": "http://localhost:3000/alice/",
+  "idpIssuer": "http://localhost:3000",
+  "loginUrl": "http://localhost:3000/idp/auth"
+}
+```
+
+OIDC Discovery: `/.well-known/openid-configuration`
+
+### Programmatic Login (CTH Compatible)
+
+For automated testing and scripts, use the credentials endpoint:
+
+```bash
+curl -X POST http://localhost:3000/idp/credentials \
+  -H "Content-Type: application/json" \
+  -d '{"email": "alice@example.com", "password": "secret123"}'
+```
+
+Response:
+```json
+{
+  "access_token": "...",
+  "token_type": "Bearer",
+  "expires_in": 3600,
+  "webid": "http://localhost:3000/alice/#me"
+}
+```
+
+For DPoP-bound tokens (Solid-OIDC compliant), include a DPoP proof header.
+
+### Solid-OIDC (External IdP)
+
+The server also accepts DPoP-bound access tokens from external Solid identity providers:
 
 ```bash
 curl -H "Authorization: DPoP ACCESS_TOKEN" \
@@ -323,7 +377,7 @@ Server: pub http://localhost:3000/alice/public/data.json  (on change)
 npm test
 ```
 
-Currently passing: **163 tests** (including 27 conformance tests)
+Currently passing: **182 tests** (including 27 conformance tests)
 
 ## Project Structure
 
@@ -355,6 +409,14 @@ src/
 │   ├── index.js          # WebSocket plugin
 │   ├── events.js         # Event emitter
 │   └── websocket.js      # solid-0.1 protocol
+├── idp/
+│   ├── index.js          # Identity Provider plugin
+│   ├── provider.js       # oidc-provider config
+│   ├── adapter.js        # Filesystem adapter
+│   ├── accounts.js       # User account management
+│   ├── keys.js           # JWKS key management
+│   ├── interactions.js   # Login/consent handlers
+│   └── views.js          # HTML templates
 ├── rdf/
 │   ├── turtle.js         # Turtle <-> JSON-LD
 │   └── conneg.js         # Content negotiation
@@ -372,6 +434,8 @@ Minimal dependencies for a fast, secure server:
 - **fs-extra** - Enhanced file operations
 - **jose** - JWT/JWK handling for Solid-OIDC
 - **n3** - Turtle parsing (only used when conneg enabled)
+- **oidc-provider** - OpenID Connect Identity Provider (only when IdP enabled)
+- **bcrypt** - Password hashing (only when IdP enabled)
 
 ## License
 

package/bin/jss.js

@@ -44,6 +44,9 @@ program
   .option('--no-conneg', 'Disable content negotiation')
   .option('--notifications', 'Enable WebSocket notifications')
   .option('--no-notifications', 'Disable WebSocket notifications')
+  .option('--idp', 'Enable built-in Identity Provider')
+  .option('--no-idp', 'Disable built-in Identity Provider')
+  .option('--idp-issuer <url>', 'IdP issuer URL (defaults to server URL)')
   .option('-q, --quiet', 'Suppress log output')
   .option('--print-config', 'Print configuration and exit')
   .action(async (options) => {
@@ -55,11 +58,19 @@ program
         process.exit(0);
       }
 
+      // Determine IdP issuer URL
+      const protocol = config.ssl ? 'https' : 'http';
+      const serverHost = config.host === '0.0.0.0' ? 'localhost' : config.host;
+      const baseUrl = `${protocol}://${serverHost}:${config.port}`;
+      const idpIssuer = config.idpIssuer || baseUrl;
+
       // Create and start server
       const server = createServer({
         logger: config.logger,
         conneg: config.conneg,
         notifications: config.notifications,
+        idp: config.idp,
+        idpIssuer: idpIssuer,
         ssl: config.ssl ? {
           key: await fs.readFile(config.sslKey),
           cert: await fs.readFile(config.sslCert),
@@ -69,16 +80,14 @@ program
 
       await server.listen({ port: config.port, host: config.host });
 
-      const protocol = config.ssl ? 'https' : 'http';
-      const address = config.host === '0.0.0.0' ? 'localhost' : config.host;
-
       if (!config.quiet) {
         console.log(`\n  JavaScript Solid Server v${pkg.version}`);
-        console.log(`  ${protocol}://${address}:${config.port}/`);
+        console.log(`  ${baseUrl}/`);
         console.log(`\n  Data: ${path.resolve(config.root)}`);
         if (config.ssl) console.log('  SSL:  enabled');
         if (config.conneg) console.log('  Conneg: enabled');
         if (config.notifications) console.log('  WebSocket: enabled');
+        if (config.idp) console.log(`  IdP: ${idpIssuer}`);
         console.log('\n  Press Ctrl+C to stop\n');
       }
 
@@ -142,6 +151,15 @@ program
         config.sslCert = await prompt('SSL certificate path', './ssl/cert.pem');
       }
 
+      // Ask about IdP
+      config.idp = await confirm('Enable built-in Identity Provider?', false);
+      if (config.idp) {
+        const customIssuer = await confirm('Use custom issuer URL?', false);
+        if (customIssuer) {
+          config.idpIssuer = await prompt('IdP issuer URL', 'https://example.com');
+        }
+      }
+
       console.log('');
     }
 

package/data/alice/.acl

@@ -0,0 +1,50 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/alice/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/alice/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/alice/"
+      }
+    },
+    {
+      "@id": "#public",
+      "@type": "acl:Authorization",
+      "acl:agentClass": {
+        "@id": "foaf:Agent"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/alice/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/alice/"
+      }
+    }
+  ]
+}

package/data/alice/inbox/.acl

@@ -0,0 +1,50 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/alice/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/alice/inbox/"
+      },
+      "acl:default": {
+        "@id": "http://localhost:3457/alice/inbox/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ]
+    },
+    {
+      "@id": "#public",
+      "@type": "acl:Authorization",
+      "acl:agentClass": {
+        "@id": "foaf:Agent"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/alice/inbox/"
+      },
+      "acl:default": {
+        "@id": "http://localhost:3457/alice/inbox/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Append"
+        }
+      ]
+    }
+  ]
+}

package/data/alice/index.html

@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>alice's Profile</title>
+  <script type="application/ld+json">
+{
+  "@context": {
+    "foaf": "http://xmlns.com/foaf/0.1/",
+    "solid": "http://www.w3.org/ns/solid/terms#",
+    "schema": "http://schema.org/",
+    "pim": "http://www.w3.org/ns/pim/space#",
+    "ldp": "http://www.w3.org/ns/ldp#",
+    "inbox": {
+      "@id": "ldp:inbox",
+      "@type": "@id"
+    },
+    "storage": {
+      "@id": "pim:storage",
+      "@type": "@id"
+    },
+    "oidcIssuer": {
+      "@id": "solid:oidcIssuer",
+      "@type": "@id"
+    },
+    "preferencesFile": {
+      "@id": "pim:preferencesFile",
+      "@type": "@id"
+    }
+  },
+  "@graph": [
+    {
+      "@id": "http://localhost:3457/alice/",
+      "@type": "foaf:PersonalProfileDocument",
+      "foaf:maker": {
+        "@id": "http://localhost:3457/alice/#me"
+      },
+      "foaf:primaryTopic": {
+        "@id": "http://localhost:3457/alice/#me"
+      }
+    },
+    {
+      "@id": "http://localhost:3457/alice/#me",
+      "@type": [
+        "foaf:Person",
+        "schema:Person"
+      ],
+      "foaf:name": "alice",
+      "inbox": "http://localhost:3457/alice/inbox/",
+      "storage": "http://localhost:3457/alice/",
+      "oidcIssuer": "http://localhost:3457",
+      "preferencesFile": "http://localhost:3457/alice/settings/prefs"
+    }
+  ]
+}
+  </script>
+  <style>
+    body { font-family: system-ui, sans-serif; max-width: 600px; margin: 2rem auto; padding: 0 1rem; }
+    h1 { color: #333; }
+    .card { background: #f5f5f5; padding: 1.5rem; border-radius: 8px; }
+    dt { font-weight: bold; margin-top: 1rem; }
+    dd { margin-left: 0; color: #666; }
+    a { color: #7c4dff; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1>alice</h1>
+    <dl>
+      <dt>WebID</dt>
+      <dd><a href="http://localhost:3457/alice/#me">http://localhost:3457/alice/#me</a></dd>
+      <dt>Storage</dt>
+      <dd><a href="http://localhost:3457/alice/">http://localhost:3457/alice/</a></dd>
+      <dt>Inbox</dt>
+      <dd><a href="http://localhost:3457/alice/inbox/">http://localhost:3457/alice/inbox/</a></dd>
+    </dl>
+  </div>
+</body>
+</html>

package/data/alice/private/.acl

@@ -0,0 +1,32 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/alice/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/alice/private/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/alice/private/"
+      }
+    }
+  ]
+}

package/data/alice/public/test.json

@@ -0,0 +1 @@
+{"@id":"#test","http://example.org/value":42}

package/data/alice/settings/.acl

@@ -0,0 +1,32 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/alice/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/alice/settings/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/alice/settings/"
+      }
+    }
+  ]
+}

package/data/alice/settings/prefs

@@ -0,0 +1,17 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#",
+    "pim": "http://www.w3.org/ns/pim/space#",
+    "publicTypeIndex": {
+      "@id": "solid:publicTypeIndex",
+      "@type": "@id"
+    },
+    "privateTypeIndex": {
+      "@id": "solid:privateTypeIndex",
+      "@type": "@id"
+    }
+  },
+  "@id": "http://localhost:3457/alice/settings/prefs",
+  "publicTypeIndex": "http://localhost:3457/alice/settings/publicTypeIndex",
+  "privateTypeIndex": "http://localhost:3457/alice/settings/privateTypeIndex"
+}

package/data/alice/settings/privateTypeIndex

@@ -0,0 +1,7 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#"
+  },
+  "@id": "http://localhost:3457/alice/settings/privateTypeIndex",
+  "@type": "solid:TypeIndex"
+}

package/data/alice/settings/publicTypeIndex

@@ -0,0 +1,7 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#"
+  },
+  "@id": "http://localhost:3457/alice/settings/publicTypeIndex",
+  "@type": "solid:TypeIndex"
+}

package/data/bob/.acl

@@ -0,0 +1,50 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/bob/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/bob/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/bob/"
+      }
+    },
+    {
+      "@id": "#public",
+      "@type": "acl:Authorization",
+      "acl:agentClass": {
+        "@id": "foaf:Agent"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/bob/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/bob/"
+      }
+    }
+  ]
+}

package/data/bob/inbox/.acl

@@ -0,0 +1,50 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/bob/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/bob/inbox/"
+      },
+      "acl:default": {
+        "@id": "http://localhost:3457/bob/inbox/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ]
+    },
+    {
+      "@id": "#public",
+      "@type": "acl:Authorization",
+      "acl:agentClass": {
+        "@id": "foaf:Agent"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/bob/inbox/"
+      },
+      "acl:default": {
+        "@id": "http://localhost:3457/bob/inbox/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Append"
+        }
+      ]
+    }
+  ]
+}

package/data/bob/index.html

@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>bob's Profile</title>
+  <script type="application/ld+json">
+{
+  "@context": {
+    "foaf": "http://xmlns.com/foaf/0.1/",
+    "solid": "http://www.w3.org/ns/solid/terms#",
+    "schema": "http://schema.org/",
+    "pim": "http://www.w3.org/ns/pim/space#",
+    "ldp": "http://www.w3.org/ns/ldp#",
+    "inbox": {
+      "@id": "ldp:inbox",
+      "@type": "@id"
+    },
+    "storage": {
+      "@id": "pim:storage",
+      "@type": "@id"
+    },
+    "oidcIssuer": {
+      "@id": "solid:oidcIssuer",
+      "@type": "@id"
+    },
+    "preferencesFile": {
+      "@id": "pim:preferencesFile",
+      "@type": "@id"
+    }
+  },
+  "@graph": [
+    {
+      "@id": "http://localhost:3457/bob/",
+      "@type": "foaf:PersonalProfileDocument",
+      "foaf:maker": {
+        "@id": "http://localhost:3457/bob/#me"
+      },
+      "foaf:primaryTopic": {
+        "@id": "http://localhost:3457/bob/#me"
+      }
+    },
+    {
+      "@id": "http://localhost:3457/bob/#me",
+      "@type": [
+        "foaf:Person",
+        "schema:Person"
+      ],
+      "foaf:name": "bob",
+      "inbox": "http://localhost:3457/bob/inbox/",
+      "storage": "http://localhost:3457/bob/",
+      "oidcIssuer": "http://localhost:3457",
+      "preferencesFile": "http://localhost:3457/bob/settings/prefs"
+    }
+  ]
+}
+  </script>
+  <style>
+    body { font-family: system-ui, sans-serif; max-width: 600px; margin: 2rem auto; padding: 0 1rem; }
+    h1 { color: #333; }
+    .card { background: #f5f5f5; padding: 1.5rem; border-radius: 8px; }
+    dt { font-weight: bold; margin-top: 1rem; }
+    dd { margin-left: 0; color: #666; }
+    a { color: #7c4dff; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <h1>bob</h1>
+    <dl>
+      <dt>WebID</dt>
+      <dd><a href="http://localhost:3457/bob/#me">http://localhost:3457/bob/#me</a></dd>
+      <dt>Storage</dt>
+      <dd><a href="http://localhost:3457/bob/">http://localhost:3457/bob/</a></dd>
+      <dt>Inbox</dt>
+      <dd><a href="http://localhost:3457/bob/inbox/">http://localhost:3457/bob/inbox/</a></dd>
+    </dl>
+  </div>
+</body>
+</html>