solid-server 5.8.8-8b04c020 → 5.8.8-a4d2fc6d

package/eslint.config.mjs

@@ -99,4 +99,4 @@ export default [
       'resources/**'
     ]
   }
-]
+]

package/lib/acl-checker.mjs

@@ -9,6 +9,7 @@ import aclCheck from '@solid/acl-check'
 import Url, { URL } from 'url'
 import { promisify } from 'util'
 import fs from 'fs'
+import httpFetch from 'node-fetch'
 
 export const DEFAULT_ACL_SUFFIX = '.acl'
 const ACL = rdf.Namespace('http://www.w3.org/ns/auth/acl#')
@@ -307,7 +308,7 @@ function fetchLocalOrRemote (mapper, serverUri) {
       body = await promisify(fs.readFile)(path, { encoding: 'utf8' })
     } else {
       // Fetch the acl from the internet
-      const response = await fetch(url)
+      const response = await httpFetch(url)
       body = await response.text()
       contentType = response.headers.get('content-type')
     }

package/lib/create-server.mjs

@@ -65,8 +65,8 @@ function createServer (argv, app) {
     }
 
     const credentials = Object.assign({
-      key,
-      cert
+      key: key,
+      cert: cert
     }, argv)
 
     if (ldp.webid && ldp.auth === 'tls') {

package/lib/handlers/cors-proxy.mjs

@@ -3,7 +3,7 @@ import cors from 'cors'
 import debug from '../debug.mjs'
 import url from 'url'
 import dns from 'dns'
-import { isIP } from 'is-ip'
+import isIp from 'is-ip'
 import ipRange from 'ip-range-check'
 import validUrl from 'valid-url'
 
@@ -73,7 +73,7 @@ function extractProxyConfig (req, res, next) {
 
   // Parse the URL and retrieve its host's IP address
   const { protocol, host, hostname, path } = url.parse(uri)
-  if (isIP(hostname)) {
+  if (isIp(hostname)) {
     addProxyConfig(null, hostname)
   } else {
     dns.lookup(hostname, addProxyConfig)

package/lib/handlers/get.mjs

@@ -2,7 +2,7 @@
 
 import { createRequire } from 'module'
 import fs from 'fs'
-import { glob, hasMagic } from 'glob'
+import glob from 'glob'
 import _path from 'path'
 import $rdf from 'rdflib'
 import Negotiator from 'negotiator'
@@ -37,7 +37,7 @@ export default async function handler (req, res, next) {
 
   res.header('Accept-Patch', 'text/n3, application/sparql-update, application/sparql-update-single-match')
   res.header('Accept-Post', '*/*')
-  if (!path.endsWith('/') && !hasMagic(path)) res.header('Accept-Put', '*/*')
+  if (!path.endsWith('/') && !glob.hasMagic(path)) res.header('Accept-Put', '*/*')
 
   // Set live updates
   if (ldp.live) {
@@ -48,9 +48,9 @@ export default async function handler (req, res, next) {
 
   const options = {
     hostname: req.hostname,
-    path,
-    includeBody,
-    possibleRDFType,
+    path: path,
+    includeBody: includeBody,
+    possibleRDFType: possibleRDFType,
     range: req.headers.range,
     contentType: req.headers.accept
   }
@@ -62,7 +62,7 @@ export default async function handler (req, res, next) {
     // set Accept-Put if container do not exist
     if (err.status === 404 && path.endsWith('/')) res.header('Accept-Put', 'text/turtle')
     // use globHandler if magic is detected
-    if (err.status === 404 && hasMagic(path)) {
+    if (err.status === 404 && glob.hasMagic(path)) {
       debug('forwarding to glob request')
       return globHandler(req, res, next)
     } else {
@@ -188,9 +188,8 @@ async function globHandler (req, res, next) {
     nodir: true
   }
 
-  try {
-    const matches = await glob(`${folderPath}*`, globOptions)
-    if (matches.length === 0) {
+  glob(`${folderPath}*`, globOptions, async (err, matches) => {
+    if (err || matches.length === 0) {
       debugGlob('No files matching the pattern')
       return next(HTTPError(404, 'No files matching glob pattern'))
     }
@@ -231,10 +230,7 @@ async function globHandler (req, res, next) {
 
     res.send(data)
     next()
-  } catch (err) {
-    debugGlob('Error during glob: ' + err)
-    return next(HTTPError(500, 'Error processing glob pattern'))
-  }
+  })
 }
 
 // TODO: get rid of this ugly hack that uses the Allow handler to check read permissions

package/lib/ldp.mjs

@@ -9,9 +9,10 @@ import debug from './debug.mjs'
 import error from './http-error.mjs'
 import { stringToStream, serialize, overQuota, getContentType, parse } from './utils.mjs'
 import extend from 'extend'
-import { rimraf } from 'rimraf'
+import rimraf from 'rimraf'
 import { exec } from 'child_process'
 import * as ldpContainer from './ldp-container.mjs'
+import fetch from 'node-fetch'
 import { promisify } from 'util'
 import withLock from './lock.mjs'
 import { clearAclCache } from './acl-checker.mjs'
@@ -543,7 +544,7 @@ class LDP {
 
     // Delete the directory recursively
     try {
-      await rimraf(directory)
+      await promisify(rimraf)(directory)
     } catch (err) {
       throw error(err, 'Failed to delete the container')
     }

package/lib/models/account-manager.mjs

@@ -258,7 +258,7 @@ class AccountManager {
         const emailData = {
           to: userAccount.email,
           webId: userAccount.webId,
-          deleteUrl
+          deleteUrl: deleteUrl
         }
         return this.emailService.sendWithTemplate('delete-account.mjs', emailData)
       })

package/lib/utils.mjs

@@ -289,7 +289,7 @@ export async function overQuota (root, serverUri) {
  * so it needs to be rewritten.
  */
 function actualSize (root) {
-  return getSize(root)
+  return util.promisify(getSize)(root)
 }
 
 function _asyncReadfile (filename) {

package/lib/webid/lib/get.mjs

@@ -1,3 +1,4 @@
+import fetch from 'node-fetch'
 import { URL } from 'url'
 
 export default function get (webid, callback) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "solid-server",
   "description": "Solid server on top of the file-system",
-  "version": "5.8.8-8b04c020",
+  "version": "5.8.8-a4d2fc6d",
   "author": {
     "name": "Tim Berners-Lee",
     "email": "timbl@w3.org"
@@ -59,14 +59,15 @@
   "homepage": "https://github.com/solid/node-solid-server",
   "bugs": "https://github.com/solid/node-solid-server/issues",
   "dependencies": {
-    "@fastify/busboy": "^3.2.0",
+    "@fastify/busboy": "^1.2.1",
     "@fastify/pre-commit": "^2.2.1",
     "@solid/acl-check": "^0.4.5",
-    "@solid/oidc-auth-manager": "^0.25.0",
-    "@solid/oidc-op": "^0.12.0",
+    "@solid/oidc-auth-manager": "^0.25.1",
+    "@solid/oidc-op": "^0.12.1",
     "@solid/oidc-rp": "^0.12.0",
+    "@solid/solid-multi-rp-client": "^0.7.0",
     "async-lock": "^1.4.1",
-    "body-parser": "^2.2.1",
+    "body-parser": "^1.20.4",
     "bootstrap": "^3.4.1",
     "cached-path-relative": "^1.1.0",
     "camelize": "^1.0.1",
@@ -75,6 +76,7 @@
     "commander": "^8.3.0",
     "cors": "^2.8.5",
     "debug": "^4.4.3",
+    "eslint": "^9.39.2",
     "express": "^4.22.1",
     "express-accept-events": "^0.3.0",
     "express-handlebars": "^5.3.5",
@@ -83,20 +85,21 @@
     "express-session": "^1.18.2",
     "extend": "^3.0.2",
     "from2": "^2.3.0",
-    "fs-extra": "^11.3.3",
-    "get-folder-size": "^5.0.0",
-    "glob": "^13.0.0",
+    "fs-extra": "^10.1.0",
+    "get-folder-size": "^2.0.1",
+    "glob": "^7.2.3",
     "global-tunnel-ng": "^2.7.1",
     "handlebars": "^4.7.8",
     "http-proxy-middleware": "^2.0.9",
     "inquirer": "^8.2.7",
     "into-stream": "^5.1.1",
     "ip-range-check": "0.2.0",
-    "is-ip": "^5.0.1",
+    "is-ip": "^2.0.0",
     "li": "^1.3.0",
     "mashlib": "^1.11.1",
-    "mime-types": "^3.0.2",
-    "negotiator": "^1.0.0",
+    "mime-types": "^2.1.35",
+    "negotiator": "^0.6.4",
+    "node-fetch": "^2.7.0",
     "node-forge": "^1.3.3",
     "node-mailer": "^0.1.1",
     "nodemailer": "^7.0.12",
@@ -104,13 +107,13 @@
     "owasp-password-strength-test": "^1.3.0",
     "rdflib": "^2.3.2",
     "recursive-readdir": "^2.2.3",
-    "rimraf": "^6.1.2",
+    "rimraf": "^3.0.2",
     "solid-auth-client": "^2.5.6",
     "solid-namespace": "^0.5.4",
     "solid-ws": "^0.4.3",
     "text-encoder-lite": "^2.0.0",
     "the-big-username-blacklist": "^1.5.2",
-    "ulid": "^3.0.2",
+    "ulid": "^2.4.0",
     "urijs": "^1.19.11",
     "uuid": "^13.0.0",
     "valid-url": "^1.0.9",
@@ -126,10 +129,9 @@
     "chai-as-promised": "7.1.2",
     "cross-env": "7.0.3",
     "dirty-chai": "2.0.1",
-    "eslint": "^9.39.2",
-    "globals": "^16.5.0",
+    "globals": "^17.0.0",
     "localstorage-memory": "1.0.3",
-    "mocha": "^11.7.5",
+    "mocha": "^10.8.2",
     "nock": "^13.5.6",
     "node-mocks-http": "^1.17.2",
     "prep-fetch": "^0.1.0",
@@ -137,9 +139,9 @@
     "sinon": "12.0.1",
     "sinon-chai": "3.7.0",
     "snyk": "^1.1301.2",
-    "supertest": "^7.1.4",
+    "supertest": "^6.3.4",
     "turtle-validator": "1.1.1",
-    "whatwg-url": "^15.1.0"
+    "whatwg-url": "11.0.0"
   },
   "pre-commit": [
     "lint"
@@ -155,7 +157,7 @@
     "build": "echo nothing to build",
     "solid": "node ./bin/solid",
     "lint": "eslint \"**/*.mjs\"",
-    "lint:fix": "eslint --fix \"**/*.mjs\"",
+    "lint-fix": "eslint --fix \"**/*.mjs\"",
     "validate": "node ./test/validate-turtle.mjs",
     "c8": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0 c8 --reporter=text-summary mocha --recursive test/unit/ test/integration/",
     "mocha": "cross-env NODE_TLS_REJECT_UNAUTHORIZED=0 mocha --recursive test/unit/ test/integration/",
@@ -192,6 +194,18 @@
       "node_modules/**"
     ]
   },
+  "standard": {
+    "globals": [
+      "after",
+      "afterEach",
+      "before",
+      "beforeEach",
+      "describe",
+      "it",
+      "fetch",
+      "AbortController"
+    ]
+  },
   "bin": {
     "solid": "bin/solid"
   },

package/test/index.mjs

@@ -1,5 +1,5 @@
 import fs from 'fs-extra'
-import { rimrafSync } from 'rimraf'
+import rimraf from 'rimraf'
 import path from 'path'
 import { fileURLToPath } from 'url'
 import OIDCProvider from '@solid/oidc-op'
@@ -7,6 +7,7 @@ import dns from 'dns'
 import ldnode from '../../index.mjs'
 // import ldnode from '../index.mjs'
 import supertest from 'supertest'
+import fetch from 'node-fetch'
 import https from 'https'
 
 const __filename = fileURLToPath(import.meta.url)
@@ -15,7 +16,7 @@ const __dirname = path.dirname(__filename)
 const TEST_HOSTS = ['nic.localhost', 'tim.localhost', 'nicola.localhost']
 
 export function rm (file) {
-  return rimrafSync(path.normalize(path.join(__dirname, '../resources/' + file)))
+  return rimraf.sync(path.normalize(path.join(__dirname, '../resources/' + file)))
 }
 
 export function cleanDir (dirPath) {

package/test/integration/acl-oidc-test.mjs

@@ -1,5 +1,6 @@
 import { assert } from 'chai'
 import fs from 'fs-extra'
+import fetch from 'node-fetch'
 import path from 'path'
 import { fileURLToPath } from 'url'
 import { loadProvider, rm, checkDnsSettings, cleanDir } from '../utils.mjs'
@@ -32,7 +33,7 @@ function fetchRequest (method, options, callback) {
       callback(null, {
         statusCode: res.status,
         headers: Object.fromEntries(res.headers.entries()),
-        body,
+        body: body,
         statusMessage: res.statusText
       }, body)
     })

package/test/integration/authentication-oidc-test.mjs

@@ -6,6 +6,7 @@ import { UserStore } from '@solid/oidc-auth-manager'
 import UserAccount from '../../lib/models/user-account.mjs'
 import SolidAuthOIDC from '@solid/solid-auth-oidc'
 
+import fetch from 'node-fetch'
 import localStorage from 'localstorage-memory'
 import { URL, URLSearchParams } from 'whatwg-url'
 import { cleanDir, cp } from '../utils.mjs'
@@ -641,7 +642,7 @@ describe('Authentication API (OIDC)', () => {
           // Since user is not logged in, /authorize redirects to /login
           expect(res.status).to.equal(302)
 
-          loginUri = new URL(res.headers.get('location'), aliceServerUri)
+          loginUri = new URL(res.headers.get('location'))
           expect(loginUri.toString().startsWith(aliceServerUri + '/login'))
             .to.be.true()
 
@@ -685,11 +686,8 @@ describe('Authentication API (OIDC)', () => {
       })
         .then(res => {
           expect(res.status).to.equal(302)
-          const location = res.headers.get('location')
-          postLoginUri = new URL(location, aliceServerUri).toString()
-          // Native fetch: get first set-cookie header
-          const setCookieHeaders = res.headers.getSetCookie ? res.headers.getSetCookie() : [res.headers.get('set-cookie')]
-          cookie = setCookieHeaders[0]
+          postLoginUri = res.headers.get('location')
+          cookie = res.headers.get('set-cookie')
 
           // Successful login gets redirected back to /authorize and then
           // back to app
@@ -714,8 +712,7 @@ describe('Authentication API (OIDC)', () => {
       })
         .then(res => {
           expect(res.status).to.equal(302)
-          const location = res.headers.get('location')
-          postSharingUri = new URL(location, aliceServerUri).toString()
+          postSharingUri = res.headers.get('location')
           // cookie = res.headers.get('set-cookie')
 
           // Successful login gets redirected back to /authorize and then
@@ -727,8 +724,7 @@ describe('Authentication API (OIDC)', () => {
         .then(res => {
         // User gets redirected back to original app
           expect(res.status).to.equal(302)
-          const location = res.headers.get('location')
-          callbackUri = location.startsWith('http') ? location : new URL(location, aliceServerUri).toString()
+          callbackUri = res.headers.get('location')
           expect(callbackUri.startsWith('https://app.example.com#'))
         })
     })

package/test/integration/authentication-oidc-with-strict-origins-turned-off-test.mjs

@@ -6,6 +6,7 @@ import { UserStore } from '@solid/oidc-auth-manager'
 import UserAccount from '../../lib/models/user-account.mjs'
 import SolidAuthOIDC from '@solid/solid-auth-oidc'
 
+import fetch from 'node-fetch'
 import localStorage from 'localstorage-memory'
 import { URL, URLSearchParams } from 'whatwg-url'
 import { cleanDir, cp } from '../utils.mjs'
@@ -462,7 +463,7 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
           // Since user is not logged in, /authorize redirects to /login
           expect(res.status).to.equal(302)
 
-          loginUri = new URL(res.headers.get('location'), aliceServerUri)
+          loginUri = new URL(res.headers.get('location'))
           expect(loginUri.toString().startsWith(aliceServerUri + '/login'))
             .to.be.true()
 
@@ -506,11 +507,8 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
       })
         .then(res => {
           expect(res.status).to.equal(302)
-          const location = res.headers.get('location')
-          postLoginUri = new URL(location, aliceServerUri).toString()
-          // Native fetch: get first set-cookie header
-          const setCookieHeaders = res.headers.getSetCookie ? res.headers.getSetCookie() : [res.headers.get('set-cookie')]
-          cookie = setCookieHeaders[0]
+          postLoginUri = res.headers.get('location')
+          cookie = res.headers.get('set-cookie')
 
           // Successful login gets redirected back to /authorize and then
           // back to app
@@ -535,23 +533,20 @@ describe('Authentication API (OIDC) - With strict origins turned off', () => {
       })
         .then(res => {
           expect(res.status).to.equal(302)
-          const location = res.headers.get('location')
-          const postSharingUri = new URL(location, aliceServerUri).toString()
-          const setCookieHeaders = res.headers.getSetCookie ? res.headers.getSetCookie() : [res.headers.get('set-cookie')]
-          const cookieFromSharing = setCookieHeaders[0] || cookie
+          const postLoginUri = res.headers.get('location')
+          const cookie = res.headers.get('set-cookie')
 
           // Successful login gets redirected back to /authorize and then
           // back to app
-          expect(postSharingUri.startsWith(aliceServerUri + '/authorize'))
+          expect(postLoginUri.startsWith(aliceServerUri + '/authorize'))
             .to.be.true()
 
-          return fetch(postSharingUri, { redirect: 'manual', headers: { cookie: cookieFromSharing } })
+          return fetch(postLoginUri, { redirect: 'manual', headers: { cookie } })
         })
         .then(res => {
         // User gets redirected back to original app
           expect(res.status).to.equal(302)
-          const location = res.headers.get('location')
-          callbackUri = location.startsWith('http') ? location : new URL(location, aliceServerUri).toString()
+          callbackUri = res.headers.get('location')
           expect(callbackUri.startsWith('https://app.example.com#'))
         })
     })

package/test/integration/http-copy-test.mjs

@@ -52,8 +52,8 @@ describe('HTTP COPY API', function () {
 
   function createOptions (method, url, user) {
     const options = {
-      method,
-      url,
+      method: method,
+      url: url,
       headers: {}
     }
     if (user) {

package/test/integration/oidc-manager-test.mjs

@@ -1,5 +1,6 @@
 import { fileURLToPath } from 'url'
 import path from 'path'
+import { URL } from 'url'
 import chai from 'chai'
 import fs from 'fs-extra'
 import { fromServerConfig } from '../../lib/models/oidc-manager.mjs'
@@ -37,5 +38,98 @@ describe('OidcManager', () => {
       expect(oidc.users.backend.path.endsWith('db/oidc/users'))
       expect(oidc.users.saltRounds).to.equal(saltRounds)
     })
+
+    it('should set the provider issuer which is used for iss claim in tokens', () => {
+      const providerUri = 'https://pivot-test.solidproject.org:8443'
+      const host = SolidHost.from({ serverUri: providerUri })
+
+      const saltRounds = 5
+      const argv = {
+        host,
+        dbPath,
+        saltRounds
+      }
+
+      const oidc = fromServerConfig(argv)
+
+      // Verify the issuer is set correctly for RFC 9207 compliance
+      // The iss claim in tokens should match this issuer value
+      expect(oidc.provider.issuer).to.exist
+      expect(oidc.provider.issuer).to.not.be.null
+      expect(oidc.provider.issuer).to.equal(providerUri)
+      console.log('Provider issuer (used for iss claim):', oidc.provider.issuer)
+    })
+  })
+
+  describe('RFC 9207 - Authorization redirect with iss parameter', () => {
+    it('should include iss parameter when redirecting after authorization', async () => {
+      const providerUri = 'https://localhost:8443'
+      const host = SolidHost.from({ providerUri })
+
+      const argv = {
+        host,
+        dbPath,
+        saltRounds: 5
+      }
+
+      const oidc = fromServerConfig(argv)
+
+      // Dynamically import BaseRequest from oidc-op
+      const { default: BaseRequest } = await import('@solid/oidc-op/src/handlers/BaseRequest.js')
+
+      // Create a mock request/response to test the redirect behavior
+      const mockReq = {
+        method: 'GET',
+        query: {
+          response_type: 'code',
+          redirect_uri: 'https://app.example.com/callback',
+          client_id: 'https://app.example.com',
+          state: 'test-state'
+        }
+      }
+
+      const mockRes = {
+        redirectCalled: false,
+        redirectUrl: '',
+        redirect (url) {
+          this.redirectCalled = true
+          this.redirectUrl = url
+        }
+      }
+
+      const request = new BaseRequest(mockReq, mockRes, oidc.provider)
+      request.params = mockReq.query
+
+      // Simulate a successful authorization by calling redirect with auth data
+      try {
+        request.redirect({ code: 'test-auth-code' })
+      } catch (err) {
+        // The redirect throws a HandledError, which is expected behavior
+        // We just need to check that the redirect was called with the right URL
+      }
+
+      expect(mockRes.redirectCalled).to.be.true
+      expect(mockRes.redirectUrl).to.exist
+
+      // Parse the redirect URL to check for iss parameter
+      const redirectUrl = new URL(mockRes.redirectUrl)
+
+      // The iss parameter can be in either the query string or hash fragment
+      // depending on the response_mode (query or fragment)
+      let issParam = redirectUrl.searchParams.get('iss')
+      if (!issParam && redirectUrl.hash) {
+        // Check in the hash fragment
+        const hashParams = new URLSearchParams(redirectUrl.hash.substring(1))
+        issParam = hashParams.get('iss')
+      }
+
+      console.log('Redirect URL:', mockRes.redirectUrl)
+      console.log('RFC 9207 - iss parameter in redirect:', issParam)
+
+      // RFC 9207: The iss parameter MUST be present and match the provider issuer
+      expect(issParam, 'RFC 9207: iss parameter must be present in authorization response').to.exist
+      expect(issParam).to.not.be.null
+      expect(issParam).to.equal(providerUri)
+    })
   })
-})
+})

package/test/resources/accounts/db/oidc/op/clients/{_key_5679b38cc39322649b358828e549f081.json → _key_e989e9f58cf29869c56a68ceb4256b69.json}

@@ -1 +1 @@
-{"redirect_uris":["https://localhost:3457/api/oidc/rp/https%3A%2F%2Flocalhost%3A3457"],"client_id":"5679b38cc39322649b358828e549f081","client_secret":"f629b925f82ee6f962d47e08bc54b6ad","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:3457","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:3457/goodbye"]}
+{"redirect_uris":["https://localhost:3457/api/oidc/rp/https%3A%2F%2Flocalhost%3A3457"],"client_id":"e989e9f58cf29869c56a68ceb4256b69","client_secret":"83b4b30768f1e17b70b54812242c757c","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:3457","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:3457/goodbye"]}

package/test/resources/accounts/db/oidc/rp/clients/_key_https%3A%2F%2Flocalhost%3A3457.json

@@ -1 +1 @@
-{"provider":{"url":"https://localhost:3457","configuration":{"issuer":"https://localhost:3457","jwks_uri":"https://localhost:3457/jwks","scopes_supported":["openid","offline_access"],"response_types_supported":["code","code token","code id_token","id_token","id_token token","code id_token token","none"],"token_types_supported":["legacyPop","dpop"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","refresh_token","client_credentials"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","none"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"display_values_supported":[],"claim_types_supported":["normal"],"claims_supported":[],"claims_parameter_supported":false,"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_request_uri_registration":false,"check_session_iframe":"https://localhost:3457/session","end_session_endpoint":"https://localhost:3457/logout","authorization_endpoint":"https://localhost:3457/authorize","token_endpoint":"https://localhost:3457/token","userinfo_endpoint":"https://localhost:3457/userinfo","registration_endpoint":"https://localhost:3457/register"},"jwks":{"keys":[{"kid":"lNZOB-DPE1k","kty":"RSA","alg":"RS256","n":"uvih8HfZj7Wu5Y8knLHxRY6v7oHL2jXWD-B6hXCreYhwaG9EEUt6Rp94p8-JBug3ywo8C_9dNg0RtQLEttcIC_vhqqlJI3pZxpGKXuD9h7XK-PppFVvgnfIGADG0Z-WzbcGDxlefStohR31Hjw5U3ioG3VtXGAYbqlOHM1l2UgDMJwBD5qwFmPP8gp5E2WQKCsuLvxDuOrkAbSDjw2zaI3RRmbLzdj4QkGej8GXhBptgM9RwcKmnoXu0sUdlootmcdiEg74yQ9M6EshNMhiv4k_W0rl7RqVOEL2PsAdmdbF_iWL8a90rGYOEILBrlU6bBR2mTvjV_Hvq-ifFy1YAmQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"Y38YKDtydoE","kty":"RSA","alg":"RS384","n":"tfgZKLjc8UMIblfAlVibJI_2uAxDNprn2VVLebS0sp6d1mtCXQkMYLlJ6e-7kavl8we391Ovnq5bRgpsFRq_LtRX9MpVlfioAUHwWPEG-R6vrQjgo4uynVhI3UEPHyNmZA5J4u34HNVTfAgmquomwwOmOv29ZNRxuYP1kVtscz1JeFPwg6LA7BxWrLc9ev4FQR6tjJKdo2kdLjAXR92odbCzJZ_jdYT3vIVCexMHxhoKnqCImkhfgKbGXcPHXWcelmuA2tzBaLut-Jjo0nJVQjRNDqy0Gyac0TptwFIxaiyHeTqugolUmEaJSfBSLszIRdlOTIGPJ7zdg5dJFK_Lxw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"WyMVv6BJ5Dk","kty":"RSA","alg":"RS512","n":"5JDlpbm2TjSW1wpdUZc5NHOqVVrNH_GumoODK_mk-MqImaIRpdR9b1ZJrK6FrW7HIF2bXvebD7olmp9a1goqe-ILbL_ORmhzlhRtyhjWQ-UOZqK5yOXqXXGQXgmok6TN-s55A-h_g12A7Yk5Y5S8EVa9EA4Axwqvm-Q_AkH0yS1qJo6BXYXb1fx205ucx-Ccot2LEBfxv8M7NOFTa-_G-sNchiKQMRoLhbZtLbSK2R1jkqGciEiRSLeXNG4nDu7Wd91-vhBixA1McxnzW96mW8lQwNXXo4gNH7SjONtYLlPQhZVEbmsQmXrOQN8a5RDkybFOIsbucItizSE9V_D7WQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"UykSj_HLgFA","kty":"RSA","alg":"RS256","n":"u79eQlGJN2XFNR-uEmPVtrB_ENRqaS81o6m63tZ5-PwhGHCwJ7rfVnnnvf6Ij_p91Z9pNpWBIVyZcw6UmQIoIBH-3BfxdaqhBxX9bf_N78TKj8_HU5IYjGijale4gog3kj9W2tJJO7R9iA43msjwLRD7pbAHp1iKFJgVTSXJlyLRbC82Dj4ivsEgJjPGvZt16OsGP5myIQwXEGzSPcEI0R9daZE5iM6xFZosaJ8B77eU-Aj3ciwxUBPi5BSZi2P1ZsF4QgSj3N7ZLbVKNW4FFr84IamA2YI0D7PyyNAE2PUZT8n0jHWRJKunuZuy5mgBY8H41KdBI6gNJqY90nHeJw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"BJDNTt8RpPE","kty":"RSA","alg":"RS384","n":"nXTd5AoT220nBkW6Zeax8caUI7_Tt0y4v9TEW8TOrzCVvhLBiKpQPjILUTfkGHzxPtysEzDQFSYdHWvg_fvGYItjJBunBMsKCNcb2_CDr2HXD6C0s62bAgct8bBSoaT1MLQ_3MaFKXSF3ZuB87X2B8CVUJ386HP2GY1kl54BuMdFELNZYhy9S_D0KHnQls52Vvb99X9WaYOyxvfr03PG-9EycnkWas5tn1pPFzT0DtJtBJ4IBtXQxTr98jpn_MCz1gRnMgzzkfSOcrMkkMXxePqxNINVKFXtRy7DaJiFOcCMbuK2RJUkSfY2uKcx0aKbp5Xhvix1W8N7c0Y90i6_6w","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"z8iijSOOIs4","kty":"RSA","alg":"RS512","n":"rPCHP9XeTGOLf1Ezxeq_bdGdvYQZa993YcSVudT0EN6drTWqjykhUVEkT4MGAvLvax38kLARbPUTgMUV9UckDDWn6lRq4q6IZ5pytNOieQKZHzjEmQGzlbnEn1F2m1i5SAfBL-qsnt5q2RXMAiIUXk9q1ChJEHJxOZxnRIoQMc7yTsjjSdtIZKePFiYFn0nsl3A234ByyIBRjzZeoYEtTQKjDR7fP9LO78oZAgpwoGqmfI4IltqQYkFoqrN8I8l1yiJGyuvZRgDXUZ2fxGOQx2WD4xvlFL2TOCfN1UaPE9R4JdbRLLAOf5u1Sqnh4XTjDBhBbVodsmmbtvk4wFo-GQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"zD76wa11A2Y","kty":"RSA","alg":"RS256","n":"nMaSioq1An1J3tbkmc-zRrR8lkbP-WUVRuYhDxQvV-OcBw1R6cdyCcoeFJ1zuUT7ne6BlU6GMPRHuRKaH0KuOaiktUYtXm06T_HvtKFgCQSAKjMUj_ZHfTAJP8ahUsIc0D995XKp7nIGRF7Iy7I24QQFPRh7PmGlREZ52GJgYQgbm020-sWani0MqHoUFBlWxZW9NEqY1c3brN_qWnzjRKly6Kkk3sW1XHPcRLvoHnHQ6TKXJ8pfl-bNjTfK6zq9fDCZ_TY3qQZy66yT_2XPO6X0GHTdJsZlCj7Jg0qrilTHUkJra1bppTSAtVSQnSmYt_IV8zOYiVdJ3kw2khPcKw","e":"AQAB","key_ops":["verify"],"ext":true}]}},"defaults":{},"registration":{"redirect_uris":["https://localhost:3457/api/oidc/rp/https%3A%2F%2Flocalhost%3A3457"],"client_id":"5679b38cc39322649b358828e549f081","client_secret":"f629b925f82ee6f962d47e08bc54b6ad","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:3457","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:3457/goodbye"],"registration_access_token":"eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozNDU3IiwiYXVkIjoiNTY3OWIzOGNjMzkzMjI2NDliMzU4ODI4ZTU0OWYwODEiLCJzdWIiOiI1Njc5YjM4Y2MzOTMyMjY0OWIzNTg4MjhlNTQ5ZjA4MSJ9.MpuY81L7hTqnkPYlNqb7K-Xi2iQypO85NJHle2K0lytw_OHiqJuViPzreXhPLA1zKsHzzX6km63w0U321mBu9zXrzeIFmUI0Jnld_sB6nRkdRWM0D--fw4iNJFPP-oe1n2y_f-7yzvgbRq3PimIgldpUPb_gRfAc5WiI6LiB2aAXuCTtlQiU4d6BvqIuMv0m1eha1sBWX7cqarMri9tQX5JrAmixWRXpmUI-R1ZCTkboVhNcxrlQ7nqXlD_7btsY55ww4XfeeTYJ9Ywq0JJnKvOu8Shz4se0cka0vivyOzurx6tWHbezpDH6a05QjOsMu-yIYxHnyIBesRfyYPCd9w","registration_client_uri":"https://localhost:3457/register/5679b38cc39322649b358828e549f081","client_id_issued_at":1766874050,"client_secret_expires_at":0},"store":{}}
+{"provider":{"url":"https://localhost:3457","configuration":{"issuer":"https://localhost:3457","jwks_uri":"https://localhost:3457/jwks","scopes_supported":["openid","offline_access"],"response_types_supported":["code","code token","code id_token","id_token","id_token token","code id_token token","none"],"token_types_supported":["legacyPop","dpop"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","refresh_token","client_credentials"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","none"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"display_values_supported":[],"claim_types_supported":["normal"],"claims_supported":[],"claims_parameter_supported":false,"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_request_uri_registration":false,"check_session_iframe":"https://localhost:3457/session","end_session_endpoint":"https://localhost:3457/logout","authorization_endpoint":"https://localhost:3457/authorize","token_endpoint":"https://localhost:3457/token","userinfo_endpoint":"https://localhost:3457/userinfo","registration_endpoint":"https://localhost:3457/register"},"jwks":{"keys":[{"kid":"lNZOB-DPE1k","kty":"RSA","alg":"RS256","n":"uvih8HfZj7Wu5Y8knLHxRY6v7oHL2jXWD-B6hXCreYhwaG9EEUt6Rp94p8-JBug3ywo8C_9dNg0RtQLEttcIC_vhqqlJI3pZxpGKXuD9h7XK-PppFVvgnfIGADG0Z-WzbcGDxlefStohR31Hjw5U3ioG3VtXGAYbqlOHM1l2UgDMJwBD5qwFmPP8gp5E2WQKCsuLvxDuOrkAbSDjw2zaI3RRmbLzdj4QkGej8GXhBptgM9RwcKmnoXu0sUdlootmcdiEg74yQ9M6EshNMhiv4k_W0rl7RqVOEL2PsAdmdbF_iWL8a90rGYOEILBrlU6bBR2mTvjV_Hvq-ifFy1YAmQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"Y38YKDtydoE","kty":"RSA","alg":"RS384","n":"tfgZKLjc8UMIblfAlVibJI_2uAxDNprn2VVLebS0sp6d1mtCXQkMYLlJ6e-7kavl8we391Ovnq5bRgpsFRq_LtRX9MpVlfioAUHwWPEG-R6vrQjgo4uynVhI3UEPHyNmZA5J4u34HNVTfAgmquomwwOmOv29ZNRxuYP1kVtscz1JeFPwg6LA7BxWrLc9ev4FQR6tjJKdo2kdLjAXR92odbCzJZ_jdYT3vIVCexMHxhoKnqCImkhfgKbGXcPHXWcelmuA2tzBaLut-Jjo0nJVQjRNDqy0Gyac0TptwFIxaiyHeTqugolUmEaJSfBSLszIRdlOTIGPJ7zdg5dJFK_Lxw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"WyMVv6BJ5Dk","kty":"RSA","alg":"RS512","n":"5JDlpbm2TjSW1wpdUZc5NHOqVVrNH_GumoODK_mk-MqImaIRpdR9b1ZJrK6FrW7HIF2bXvebD7olmp9a1goqe-ILbL_ORmhzlhRtyhjWQ-UOZqK5yOXqXXGQXgmok6TN-s55A-h_g12A7Yk5Y5S8EVa9EA4Axwqvm-Q_AkH0yS1qJo6BXYXb1fx205ucx-Ccot2LEBfxv8M7NOFTa-_G-sNchiKQMRoLhbZtLbSK2R1jkqGciEiRSLeXNG4nDu7Wd91-vhBixA1McxnzW96mW8lQwNXXo4gNH7SjONtYLlPQhZVEbmsQmXrOQN8a5RDkybFOIsbucItizSE9V_D7WQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"UykSj_HLgFA","kty":"RSA","alg":"RS256","n":"u79eQlGJN2XFNR-uEmPVtrB_ENRqaS81o6m63tZ5-PwhGHCwJ7rfVnnnvf6Ij_p91Z9pNpWBIVyZcw6UmQIoIBH-3BfxdaqhBxX9bf_N78TKj8_HU5IYjGijale4gog3kj9W2tJJO7R9iA43msjwLRD7pbAHp1iKFJgVTSXJlyLRbC82Dj4ivsEgJjPGvZt16OsGP5myIQwXEGzSPcEI0R9daZE5iM6xFZosaJ8B77eU-Aj3ciwxUBPi5BSZi2P1ZsF4QgSj3N7ZLbVKNW4FFr84IamA2YI0D7PyyNAE2PUZT8n0jHWRJKunuZuy5mgBY8H41KdBI6gNJqY90nHeJw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"BJDNTt8RpPE","kty":"RSA","alg":"RS384","n":"nXTd5AoT220nBkW6Zeax8caUI7_Tt0y4v9TEW8TOrzCVvhLBiKpQPjILUTfkGHzxPtysEzDQFSYdHWvg_fvGYItjJBunBMsKCNcb2_CDr2HXD6C0s62bAgct8bBSoaT1MLQ_3MaFKXSF3ZuB87X2B8CVUJ386HP2GY1kl54BuMdFELNZYhy9S_D0KHnQls52Vvb99X9WaYOyxvfr03PG-9EycnkWas5tn1pPFzT0DtJtBJ4IBtXQxTr98jpn_MCz1gRnMgzzkfSOcrMkkMXxePqxNINVKFXtRy7DaJiFOcCMbuK2RJUkSfY2uKcx0aKbp5Xhvix1W8N7c0Y90i6_6w","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"z8iijSOOIs4","kty":"RSA","alg":"RS512","n":"rPCHP9XeTGOLf1Ezxeq_bdGdvYQZa993YcSVudT0EN6drTWqjykhUVEkT4MGAvLvax38kLARbPUTgMUV9UckDDWn6lRq4q6IZ5pytNOieQKZHzjEmQGzlbnEn1F2m1i5SAfBL-qsnt5q2RXMAiIUXk9q1ChJEHJxOZxnRIoQMc7yTsjjSdtIZKePFiYFn0nsl3A234ByyIBRjzZeoYEtTQKjDR7fP9LO78oZAgpwoGqmfI4IltqQYkFoqrN8I8l1yiJGyuvZRgDXUZ2fxGOQx2WD4xvlFL2TOCfN1UaPE9R4JdbRLLAOf5u1Sqnh4XTjDBhBbVodsmmbtvk4wFo-GQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"zD76wa11A2Y","kty":"RSA","alg":"RS256","n":"nMaSioq1An1J3tbkmc-zRrR8lkbP-WUVRuYhDxQvV-OcBw1R6cdyCcoeFJ1zuUT7ne6BlU6GMPRHuRKaH0KuOaiktUYtXm06T_HvtKFgCQSAKjMUj_ZHfTAJP8ahUsIc0D995XKp7nIGRF7Iy7I24QQFPRh7PmGlREZ52GJgYQgbm020-sWani0MqHoUFBlWxZW9NEqY1c3brN_qWnzjRKly6Kkk3sW1XHPcRLvoHnHQ6TKXJ8pfl-bNjTfK6zq9fDCZ_TY3qQZy66yT_2XPO6X0GHTdJsZlCj7Jg0qrilTHUkJra1bppTSAtVSQnSmYt_IV8zOYiVdJ3kw2khPcKw","e":"AQAB","key_ops":["verify"],"ext":true}]}},"defaults":{},"registration":{"redirect_uris":["https://localhost:3457/api/oidc/rp/https%3A%2F%2Flocalhost%3A3457"],"client_id":"e989e9f58cf29869c56a68ceb4256b69","client_secret":"83b4b30768f1e17b70b54812242c757c","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:3457","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:3457/goodbye"],"registration_access_token":"eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozNDU3IiwiYXVkIjoiZTk4OWU5ZjU4Y2YyOTg2OWM1NmE2OGNlYjQyNTZiNjkiLCJzdWIiOiJlOTg5ZTlmNThjZjI5ODY5YzU2YTY4Y2ViNDI1NmI2OSJ9.QMK440DC5sYY5ArnaA_K5NkJ9lDVup3mw0fXUfiM0lHpaflb6bkyAPU8WQ5qYKTlwE_eaNkHqXRugo46ImlexqvyhUzXsrf2jXUBLbAtBVJ48JQ1pICntm5x2hAntTqcvFj5xKTPGb8DbiN7Tu71igSj5EjoIETQDPh75bbNBSe-qabAsWiZiPIQkJz90A7H4DyYQ3MNMeXkRhbNMwB4V0dKUUdMn1N8tTpkT2zyKQ8OYqTlX8xWcT5Zro0CBY-CiEZqFTaGMNlD2WfLLaJPRanuzgBP898zzfUtw9ABsc-H5KWc0hYEXBhmobPAK0BhvhMbf9fHzXyx-J2-p1tZzw","registration_client_uri":"https://localhost:3457/register/e989e9f58cf29869c56a68ceb4256b69","client_id_issued_at":1767346119,"client_secret_expires_at":0},"store":{}}

package/test/resources/accounts-scenario/alice/db/oidc/op/clients/{_key_cbb43052dfa98178e38cdbc019e04265.json → _key_a31de046443144df66179553447ffed2.json}

@@ -1 +1 @@
-{"redirect_uris":["https://localhost:7000/api/oidc/rp/https%3A%2F%2Flocalhost%3A7000"],"client_id":"cbb43052dfa98178e38cdbc019e04265","client_secret":"c0ded015927eba4dbc4ddf3e9bd73e29","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:7000","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:7000/goodbye"]}
+{"redirect_uris":["https://localhost:7000/api/oidc/rp/https%3A%2F%2Flocalhost%3A7000"],"client_id":"a31de046443144df66179553447ffed2","client_secret":"71e7cb977973f1095ffbcfdaec210bac","response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:7000","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:7000/goodbye"]}