javascript-solid-server 0.0.45 → 0.0.47

package/.claude/settings.local.json

@@ -139,7 +139,13 @@
       "Bash(gh gist view:*)",
       "Bash(./bin/git-credential-nostr acl:*)",
       "Bash(DATA_ROOT=/tmp/jss-git-test/data node:*)",
-      "Bash(git remote set-url:*)"
+      "Bash(git remote set-url:*)",
+      "Bash(for:*)",
+      "Bash(^/**\" | head -1 | sed ''''s/.*\\* //'''')\")",
+      "Bash(if [ ! -d \"node-solid-server\" ])",
+      "Bash(then git clone --depth 1 https://github.com/nodeSolidServer/node-solid-server.git)",
+      "Bash(node test-local-nss2.js:*)",
+      "Bash(npm test)"
     ]
   }
 }

package/README.md

@@ -2,6 +2,8 @@
 
 A minimal, fast, JSON-LD native Solid server.
 
+**[Documentation](https://javascriptsolidserver.github.io/docs/)** | **[GitHub](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer)**
+
 ## Features
 
 ### Implemented (v0.0.42)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.45",
+  "version": "0.0.47",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
@@ -18,7 +18,7 @@
   "scripts": {
     "start": "node bin/jss.js start",
     "dev": "node --watch bin/jss.js start",
-    "test": "node --test --test-concurrency=1",
+    "test": "node --test --test-concurrency=1 'test/*.test.js'",
     "test:cth": "node scripts/test-cth-compat.js",
     "benchmark": "node benchmark.js"
   },

package/src/handlers/git.js

@@ -1,6 +1,6 @@
-import { spawn } from 'child_process';
-import { existsSync, statSync } from 'fs';
-import { join, resolve } from 'path';
+import { spawn, execSync } from 'child_process';
+import { existsSync, statSync, mkdirSync, writeFileSync } from 'fs';
+import { join, resolve, dirname } from 'path';
 
 /**
  * Check if a URL path is a Git protocol request
@@ -93,12 +93,24 @@ export async function handleGit(request, reply) {
     return reply.code(404).send({ error: 'Not a git repository' });
   }
 
-  // Auto-configure non-bare repos to accept pushes and update working directory
-  if (gitInfo.isRegular && isGitWriteOperation(urlPath)) {
-    spawn('git', ['config', 'receive.denyCurrentBranch', 'updateInstead'], {
-      cwd: repoAbs,
-      env: { ...process.env, GIT_DIR: gitInfo.gitDir }
-    });
+  // Auto-configure repos to accept pushes (check full URL for query string)
+  if (isGitWriteOperation(request.url)) {
+    try {
+      // Enable receive-pack for HTTP push
+      execSync('git config http.receivepack true', {
+        cwd: repoAbs,
+        env: { ...process.env, GIT_DIR: gitInfo.gitDir }
+      });
+      // For non-bare repos, auto-update working directory after push
+      if (gitInfo.isRegular) {
+        execSync('git config receive.denyCurrentBranch updateInstead', {
+          cwd: repoAbs,
+          env: { ...process.env, GIT_DIR: gitInfo.gitDir }
+        });
+      }
+    } catch (e) {
+      // Ignore config errors - repo may still work
+    }
   }
 
   // Build CGI environment

package/test/interop/README.md

@@ -0,0 +1,43 @@
+# Interop Tests
+
+Manual tests for debugging cross-server authentication issues. These tests depend on external services and are not run as part of `npm test`.
+
+## Usage
+
+```bash
+cd test/interop
+node <test-file>.js
+```
+
+## Tests
+
+| File | Description |
+|------|-------------|
+| `css-interop.js` | Test OIDC config against CSS and NSS servers |
+| `solidcommunity-interop.js` | Test DPoP auth against solidcommunity.net (CSS) |
+| `nss-local.js` | Test DPoP auth against local NSS instance |
+| `nss-local-fixed.js` | Test with Accept header fix applied |
+| `nss-discovery.js` | Debug NSS OIDC discovery process |
+| `webid-discovery.js` | Test WebID profile discovery and content negotiation |
+| `rdflib-discovery.js` | Test rdflib parsing of WebID profiles |
+
+## Known Issues
+
+- **NSS WebID Discovery Bug**: NSS's `oidc-auth-manager` doesn't send Accept headers when fetching WebID profiles, causing discovery to fail when servers return HTML instead of Turtle. See: https://github.com/nodeSolidServer/oidc-auth-manager/issues/79
+
+## Requirements
+
+- `node-fetch`
+- `jose`
+- `rdflib` (for rdflib tests)
+- Valid credentials for melvincarvalho.com IdP
+
+## Note on WebID Formats
+
+Two popular WebID locations exist:
+- `https://example.com/#me` (root + fragment)
+- `https://example.com/profile/card#me` (profile path)
+
+JSS is currently configured for `/profile/card` but will support `/` in the future.
+
+**Trade-offs**: When WebID is at root (`/#me`), the root container must be public for discovery. Care must be taken with child ACLs to ensure private resources remain protected.

package/test/interop/css-interop.js

@@ -0,0 +1,102 @@
+/**
+ * Test against Community Solid Server (CSS) - typically more permissive
+ * Also check solidweb.org configuration
+ */
+const fetch = require('node-fetch');
+const jose = require('jose');
+const crypto = require('crypto');
+
+const ISSUER = 'https://melvincarvalho.com/';
+
+async function test() {
+  console.log('=== Checking OIDC Configuration Details ===\n');
+
+  // Check solidweb.org OIDC config in detail
+  console.log('1. solidweb.org OIDC configuration:');
+  const swConfig = await fetch('https://solidweb.org/.well-known/openid-configuration');
+  const swData = await swConfig.json();
+  console.log('   issuer:', swData.issuer);
+  console.log('   subject_types_supported:', swData.subject_types_supported);
+  console.log('   id_token_signing_alg_values_supported:', swData.id_token_signing_alg_values_supported);
+  console.log('   token_endpoint_auth_methods_supported:', swData.token_endpoint_auth_methods_supported);
+  console.log('   claims_supported:', swData.claims_supported);
+
+  // Check melvincarvalho.com for comparison
+  console.log('\n2. melvincarvalho.com OIDC configuration:');
+  const mcConfig = await fetch('https://melvincarvalho.com/.well-known/openid-configuration');
+  const mcData = await mcConfig.json();
+  console.log('   issuer:', mcData.issuer);
+  console.log('   id_token_signing_alg_values_supported:', mcData.id_token_signing_alg_values_supported);
+
+  // Find other known Solid servers to test
+  console.log('\n3. Testing other Solid servers...');
+  
+  const otherServers = [
+    'https://solidcommunity.net/.well-known/openid-configuration',
+    'https://inrupt.net/.well-known/openid-configuration',
+    'https://login.inrupt.com/.well-known/openid-configuration',
+  ];
+
+  for (const url of otherServers) {
+    try {
+      const resp = await fetch(url, { timeout: 5000 });
+      if (resp.ok) {
+        const data = await resp.json();
+        console.log('   ' + url.split('/')[2] + ':');
+        console.log('      issuer:', data.issuer);
+        console.log('      token_types:', data.token_types_supported);
+      }
+    } catch (err) {
+      console.log('   ' + url.split('/')[2] + ': ' + err.message);
+    }
+  }
+
+  // Now test our token against solidcommunity.net (another NSS)
+  console.log('\n4. Testing DPoP token against solidcommunity.net...');
+  
+  const { publicKey, privateKey } = await jose.generateKeyPair('ES256');
+  const publicJwk = await jose.exportJWK(publicKey);
+
+  const credDpopProof = await new jose.SignJWT({
+    htm: 'POST',
+    htu: ISSUER + 'idp/credentials',
+    iat: Math.floor(Date.now() / 1000),
+    jti: crypto.randomUUID(),
+  })
+    .setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk })
+    .sign(privateKey);
+
+  const tokenResp = await fetch(ISSUER + 'idp/credentials', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'DPoP': credDpopProof },
+    body: JSON.stringify({ email: 'melvin', password: 'melvintest123' }),
+  });
+  const { access_token } = await tokenResp.json();
+
+  // Test on solidcommunity.net
+  const testUrl = 'https://solidcommunity.net/';
+  const dpopProof = await new jose.SignJWT({
+    htm: 'GET',
+    htu: testUrl,
+    iat: Math.floor(Date.now() / 1000),
+    jti: crypto.randomUUID(),
+  })
+    .setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk })
+    .sign(privateKey);
+
+  const testResp = await fetch(testUrl, {
+    headers: {
+      'Authorization': 'DPoP ' + access_token,
+      'DPoP': dpopProof,
+      'Accept': 'text/turtle',
+    },
+  });
+
+  console.log('   Status:', testResp.status);
+  const wwwAuth = testResp.headers.get('www-authenticate');
+  if (wwwAuth) {
+    console.log('   WWW-Auth:', wwwAuth);
+  }
+}
+
+test().catch(console.error);

package/test/interop/nss-discovery.js

@@ -0,0 +1,82 @@
+/**
+ * Simulate what NSS does to verify our token
+ */
+const fetch = require('node-fetch');
+const jose = require('jose');
+const crypto = require('crypto');
+
+const ISSUER = 'https://melvincarvalho.com/';
+
+async function test() {
+  console.log('=== Simulating NSS Token Verification ===\n');
+
+  // Step 1: Get a token
+  const { publicKey, privateKey } = await jose.generateKeyPair('ES256');
+  const publicJwk = await jose.exportJWK(publicKey);
+  
+  const credProof = await new jose.SignJWT({
+    htm: 'POST', htu: ISSUER + 'idp/credentials',
+    iat: Math.floor(Date.now() / 1000), jti: crypto.randomUUID(),
+  }).setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk }).sign(privateKey);
+
+  const tokenResp = await fetch(ISSUER + 'idp/credentials', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'DPoP': credProof },
+    body: JSON.stringify({ email: 'melvin', password: 'melvintest123' }),
+  });
+  const { access_token } = await tokenResp.json();
+  
+  // Decode token
+  const parts = access_token.split('.');
+  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
+  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+  
+  console.log('Token issuer:', payload.iss);
+  console.log('Token webid:', payload.webid);
+  console.log('Token kid:', header.kid);
+
+  // Step 2: NSS would fetch WebID to discover issuer
+  console.log('\n1. Fetching WebID profile...');
+  const webidUrl = payload.webid.split('#')[0];
+  const webidResp = await fetch(webidUrl, { headers: { Accept: 'text/turtle' } });
+  console.log('   Status:', webidResp.status);
+  const webidBody = await webidResp.text();
+  const issuerMatch = webidBody.match(/oidcIssuer[^<]*<([^>]+)>/);
+  console.log('   Found oidcIssuer:', issuerMatch ? issuerMatch[1] : 'NOT FOUND');
+
+  // Step 3: NSS would fetch OIDC config
+  console.log('\n2. Fetching OIDC config...');
+  const configResp = await fetch(payload.iss + '.well-known/openid-configuration');
+  console.log('   Status:', configResp.status);
+  const config = await configResp.json();
+  console.log('   jwks_uri:', config.jwks_uri);
+
+  // Step 4: NSS would fetch JWKS
+  console.log('\n3. Fetching JWKS...');
+  const jwksResp = await fetch(config.jwks_uri);
+  console.log('   Status:', jwksResp.status);
+  const jwks = await jwksResp.json();
+  console.log('   Keys:', jwks.keys.length);
+  
+  // Step 5: Find matching key
+  console.log('\n4. Finding key for kid:', header.kid);
+  const key = jwks.keys.find(k => k.kid === header.kid);
+  if (key) {
+    console.log('   Found key, alg:', key.alg);
+    
+    // Try to verify
+    console.log('\n5. Verifying token signature...');
+    try {
+      const jwksSet = jose.createRemoteJWKSet(new URL(config.jwks_uri));
+      const { payload: verified } = await jose.jwtVerify(access_token, jwksSet);
+      console.log('   ✓ Signature valid!');
+      console.log('   Verified webid:', verified.webid);
+    } catch (err) {
+      console.log('   ✗ Verification failed:', err.message);
+    }
+  } else {
+    console.log('   ✗ Key not found!');
+  }
+}
+
+test().catch(console.error);

package/test/interop/nss-local-fixed.js

@@ -0,0 +1,50 @@
+const fetch = require('node-fetch');
+const jose = require('jose');
+const crypto = require('crypto');
+const https = require('https');
+
+const ISSUER = 'https://melvincarvalho.com/';
+const NSS_URL = 'https://localhost:8444/';
+
+const agent = new https.Agent({ rejectUnauthorized: false });
+
+async function test() {
+  console.log('=== Testing DPoP against local NSS (port 8444) ===\n');
+
+  const { publicKey, privateKey } = await jose.generateKeyPair('ES256');
+  const publicJwk = await jose.exportJWK(publicKey);
+
+  const credProof = await new jose.SignJWT({
+    htm: 'POST', htu: ISSUER + 'idp/credentials',
+    iat: Math.floor(Date.now() / 1000), jti: crypto.randomUUID(),
+  }).setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk }).sign(privateKey);
+
+  const tokenResp = await fetch(ISSUER + 'idp/credentials', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'DPoP': credProof },
+    body: JSON.stringify({ email: 'melvin', password: 'melvintest123' }),
+  });
+  const { access_token } = await tokenResp.json();
+  console.log('Got token from melvincarvalho.com');
+
+  const dpopProof = await new jose.SignJWT({
+    htm: 'GET', htu: NSS_URL,
+    iat: Math.floor(Date.now() / 1000), jti: crypto.randomUUID(),
+  }).setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk }).sign(privateKey);
+
+  console.log('Testing against local NSS:', NSS_URL);
+  const resp = await fetch(NSS_URL, {
+    agent,
+    headers: {
+      'Authorization': 'DPoP ' + access_token,
+      'DPoP': dpopProof,
+      'Accept': 'text/turtle',
+    },
+  });
+
+  console.log('Status:', resp.status);
+  const wwwAuth = resp.headers.get('www-authenticate');
+  if (wwwAuth) console.log('WWW-Authenticate:', wwwAuth);
+}
+
+test().catch(console.error);

package/test/interop/nss-local.js

@@ -0,0 +1,53 @@
+const fetch = require('node-fetch');
+const jose = require('jose');
+const crypto = require('crypto');
+const https = require('https');
+
+const ISSUER = 'https://melvincarvalho.com/';
+const NSS_URL = 'https://localhost:8443/';
+
+// Allow self-signed cert
+const agent = new https.Agent({ rejectUnauthorized: false });
+
+async function test() {
+  console.log('=== Testing DPoP against local NSS ===\n');
+
+  // Get DPoP token from our IdP
+  const { publicKey, privateKey } = await jose.generateKeyPair('ES256');
+  const publicJwk = await jose.exportJWK(publicKey);
+
+  const credProof = await new jose.SignJWT({
+    htm: 'POST', htu: ISSUER + 'idp/credentials',
+    iat: Math.floor(Date.now() / 1000), jti: crypto.randomUUID(),
+  }).setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk }).sign(privateKey);
+
+  const tokenResp = await fetch(ISSUER + 'idp/credentials', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'DPoP': credProof },
+    body: JSON.stringify({ email: 'melvin', password: 'melvintest123' }),
+  });
+  const { access_token } = await tokenResp.json();
+  console.log('Got token from melvincarvalho.com');
+
+  // Create DPoP proof for local NSS
+  const dpopProof = await new jose.SignJWT({
+    htm: 'GET', htu: NSS_URL,
+    iat: Math.floor(Date.now() / 1000), jti: crypto.randomUUID(),
+  }).setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk }).sign(privateKey);
+
+  console.log('Testing against local NSS:', NSS_URL);
+  const resp = await fetch(NSS_URL, {
+    agent,
+    headers: {
+      'Authorization': 'DPoP ' + access_token,
+      'DPoP': dpopProof,
+      'Accept': 'text/turtle',
+    },
+  });
+
+  console.log('Status:', resp.status);
+  const wwwAuth = resp.headers.get('www-authenticate');
+  if (wwwAuth) console.log('WWW-Authenticate:', wwwAuth);
+}
+
+test().catch(console.error);

package/test/interop/rdflib-discovery.js

@@ -0,0 +1,44 @@
+const rdf = require('rdflib');
+
+const webId = 'https://melvincarvalho.com/#me';
+
+const store = rdf.graph();
+const fetcher = rdf.fetcher(store);
+
+console.log('Testing rdflib fetch of WebID:', webId);
+
+fetcher.load(webId, { force: true })
+  .then(response => {
+    console.log('\n=== Response ===');
+    console.log('Status:', response.status);
+    
+    const providerTerm = rdf.namedNode('http://www.w3.org/ns/solid/terms#oidcIssuer');
+    const webIdNode = rdf.namedNode(webId);
+    
+    console.log('\n=== Query ===');
+    console.log('Subject:', webIdNode.value);
+    console.log('Predicate:', providerTerm.value);
+    
+    const providerUri = store.anyValue(webIdNode, providerTerm);
+    console.log('\n=== Result ===');
+    console.log('Provider URI:', providerUri);
+    console.log('Provider URI type:', typeof providerUri);
+    
+    // Also check what's in the store
+    console.log('\n=== All oidcIssuer statements ===');
+    const statements = store.match(null, providerTerm, null);
+    statements.forEach(st => {
+      console.log('  Subject:', st.subject.value);
+      console.log('  Object:', st.object.value);
+    });
+    
+    // Compare with token issuer
+    const tokenIssuer = 'https://melvincarvalho.com/';
+    console.log('\n=== Comparison ===');
+    console.log('Token issuer:', tokenIssuer);
+    console.log('Provider from profile:', providerUri);
+    console.log('Match:', providerUri === tokenIssuer);
+  })
+  .catch(err => {
+    console.error('Error:', err.message);
+  });

package/test/interop/solidcommunity-interop.js

@@ -0,0 +1,126 @@
+/**
+ * Test on solidcommunity.net to confirm DPoP auth works
+ */
+const fetch = require('node-fetch');
+const jose = require('jose');
+const crypto = require('crypto');
+
+const ISSUER = 'https://melvincarvalho.com/';
+
+async function test() {
+  console.log('=== Confirming DPoP works on solidcommunity.net ===\n');
+
+  const { publicKey, privateKey } = await jose.generateKeyPair('ES256');
+  const publicJwk = await jose.exportJWK(publicKey);
+
+  const credDpopProof = await new jose.SignJWT({
+    htm: 'POST',
+    htu: ISSUER + 'idp/credentials',
+    iat: Math.floor(Date.now() / 1000),
+    jti: crypto.randomUUID(),
+  })
+    .setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk })
+    .sign(privateKey);
+
+  const tokenResp = await fetch(ISSUER + 'idp/credentials', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'DPoP': credDpopProof },
+    body: JSON.stringify({ email: 'melvin', password: 'melvintest123' }),
+  });
+  const tokenData = await tokenResp.json();
+  const access_token = tokenData.access_token;
+  console.log('Got token, webid:', tokenData.webid);
+
+  // Parse token
+  const payload = JSON.parse(Buffer.from(access_token.split('.')[1], 'base64url').toString());
+  console.log('Token issuer:', payload.iss);
+  console.log('Token webid:', payload.webid);
+  console.log('Token cnf.jkt:', payload.cnf.jkt.substring(0, 20) + '...');
+
+  // Test different endpoints on solidcommunity.net
+  const tests = [
+    { url: 'https://solidcommunity.net/', name: 'root (public)' },
+    { url: 'https://melvin.solidcommunity.net/', name: 'user pod root' },
+    { url: 'https://melvin.solidcommunity.net/profile/card', name: 'user profile' },
+  ];
+
+  for (const t of tests) {
+    console.log('\n--- ' + t.name + ' ---');
+    console.log('URL:', t.url);
+
+    // Without auth
+    const noAuthResp = await fetch(t.url, {
+      headers: { 'Accept': 'text/turtle' },
+    });
+    console.log('Without auth:', noAuthResp.status);
+
+    // With DPoP
+    const dpopProof = await new jose.SignJWT({
+      htm: 'GET',
+      htu: t.url,
+      iat: Math.floor(Date.now() / 1000),
+      jti: crypto.randomUUID(),
+    })
+      .setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk })
+      .sign(privateKey);
+
+    const authResp = await fetch(t.url, {
+      headers: {
+        'Authorization': 'DPoP ' + access_token,
+        'DPoP': dpopProof,
+        'Accept': 'text/turtle',
+      },
+    });
+    console.log('With DPoP:', authResp.status);
+    
+    const wwwAuth = authResp.headers.get('www-authenticate');
+    if (wwwAuth) {
+      console.log('WWW-Auth:', wwwAuth);
+    }
+  }
+
+  // Now compare the same tests on solidweb.org
+  console.log('\n\n=== Comparison: Same tests on solidweb.org ===\n');
+
+  const swTests = [
+    { url: 'https://solidweb.org/', name: 'root (public)' },
+    { url: 'https://solid-chat.solidweb.org/', name: 'solid-chat pod root' },
+  ];
+
+  for (const t of swTests) {
+    console.log('\n--- ' + t.name + ' ---');
+    console.log('URL:', t.url);
+
+    // Without auth
+    const noAuthResp = await fetch(t.url, {
+      headers: { 'Accept': 'text/turtle' },
+    });
+    console.log('Without auth:', noAuthResp.status);
+
+    // With DPoP
+    const dpopProof = await new jose.SignJWT({
+      htm: 'GET',
+      htu: t.url,
+      iat: Math.floor(Date.now() / 1000),
+      jti: crypto.randomUUID(),
+    })
+      .setProtectedHeader({ alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk })
+      .sign(privateKey);
+
+    const authResp = await fetch(t.url, {
+      headers: {
+        'Authorization': 'DPoP ' + access_token,
+        'DPoP': dpopProof,
+        'Accept': 'text/turtle',
+      },
+    });
+    console.log('With DPoP:', authResp.status);
+    
+    const wwwAuth = authResp.headers.get('www-authenticate');
+    if (wwwAuth) {
+      console.log('WWW-Auth:', wwwAuth);
+    }
+  }
+}
+
+test().catch(console.error);

package/test/interop/webid-discovery.js

@@ -0,0 +1,58 @@
+/**
+ * Simulate what NSS does: fetch WebID profile and discover oidcIssuer
+ */
+const fetch = require('node-fetch');
+
+const WEBID = 'https://melvincarvalho.com/#me';
+
+async function test() {
+  console.log('=== WebID Profile Discovery Test ===\n');
+  
+  // Fetch WebID profile (what NSS does)
+  console.log('1. Fetching WebID profile:', WEBID);
+  
+  const response = await fetch(WEBID.split('#')[0], {
+    headers: {
+      'Accept': 'text/turtle, application/ld+json, */*',
+    },
+  });
+  
+  console.log('   Status:', response.status);
+  console.log('   Content-Type:', response.headers.get('content-type'));
+  
+  const body = await response.text();
+  console.log('   Content length:', body.length);
+  
+  // Check for solid:oidcIssuer
+  console.log('\n2. Looking for solid:oidcIssuer...');
+  
+  // Look for the triple
+  const oidcIssuerMatch = body.match(/solid:oidcIssuer\s+<([^>]+)>/);
+  if (oidcIssuerMatch) {
+    console.log('   Found: solid:oidcIssuer <' + oidcIssuerMatch[1] + '>');
+  } else {
+    console.log('   Pattern 1 not found, trying other patterns...');
+    
+    // Try full URI pattern
+    const fullUriMatch = body.match(/http:\/\/www\.w3\.org\/ns\/solid\/terms#oidcIssuer[^<]+<([^>]+)>/);
+    if (fullUriMatch) {
+      console.log('   Found via full URI: <' + fullUriMatch[1] + '>');
+    }
+  }
+  
+  // Show relevant lines
+  console.log('\n3. Relevant lines from profile:');
+  const lines = body.split('\n');
+  for (const line of lines) {
+    if (line.includes('oidcIssuer') || line.includes('solid:') || line.includes('@prefix solid')) {
+      console.log('   ' + line.trim());
+    }
+  }
+  
+  // Also check CORS headers
+  console.log('\n4. CORS headers:');
+  console.log('   Access-Control-Allow-Origin:', response.headers.get('access-control-allow-origin') || 'NOT SET');
+  console.log('   Access-Control-Allow-Credentials:', response.headers.get('access-control-allow-credentials') || 'NOT SET');
+}
+
+test().catch(console.error);