Jeffrey YasskinDec 9
I see the #Solid project is going great (sarcasm). I picked a host from https://solidproject.org/get_a_pod that hasn't pivoted to AI (cough #Inrupt cough), so https://solid.redpencil.io/. I created an account and tried to sign in from both https://dokie.li/ and https://solid.redpencil.io/ itself, and got a completely inscrutable and probably insecure confirmation screen:
Show threadPierre-Antoine ChampinDec 10

@jyasskin That's not exactly "state of the art"... More polished applications would give you a screen like the one attached.

But yes, there are still a lot of rough edges. If you care, now is the time to join the Linked Web Storage Working Group 😉

https://www.w3.org/groups/wg/lws/

Show threadJeffrey YasskinDec 10
@p20n https://solidproject.org/get_a_pod needs to point users toward the state of the art instead of being completely neutral.
Get a Pod - Solid Project

Solid Project
Show threadPierre-Antoine Champin
@jyasskin this is not related to your pod provider, this is related to the application
Dec 10 at 6:47pmWeb
Show threadJeffrey YasskinDec 10
@p20n It's at least somewhat related to the pod provider, because when https://solid.redpencil.io/ tries to log into itself, it gives the non-URL ID. But I do get the more useful ID when I try to log in with https://penny.vincenttunru.com. Your more recent pod provider also seems to have replaced "authorized requests" with "read and write data", which is better ... although it still seems to be able to insist on global read/write access to the entire pod?
Show threadSarven CapadisliDec 10

@p20n @jyasskin I wouldn't go as far as stamping "polished app" b/c of publishing a client id doc (b/c it is trivial) but more like expecting 1) each app instance to publish own client id doc 2) clients managing access 3) servers authz those specific client ids

Static client registration is impractical and not a great fit re decentralisation & loosely coupled components (re Solid pitch). That's besides poor UX (though, not Solid-specific).

Solid-OIDC falls short: https://lists.w3.org/Archives/Public/public-solid/2025Apr/thread.html#msg23

[email protected] from April 2025: by thread

Show threadPierre-Antoine ChampinDec 11

@csarven I merely wanted to point out that @jyasskin 's bad experience was not representative of the whole Solid ecosystem.

But +1 to your more detailed argument.

Show threadSarven CapadisliDec 16

@p20n @jyasskin Moved some pixels around and now @dokieli does both static and dynamic registration. Uses dynamic if dokieli.js's origin differs from webpage or in extension, static otherwise. dokie.li website has its own Client ID Document now, but if anyone wants to host their own dokieli script w/ Client ID document, it can also use static registration.

Now we are polished. 😹

PS: #OIDC is still awful #DX and #UX, .. the redirects, and the amount of things going wrong is just meh.