Re: Solid Auth for web browser extensions (Former: Usability and scalability of Solid-OIDC in a decentralized ecosystem) from Melvin Carvalho on 2025-04-28 (public-solid@w3.org from April 2025)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 28 Apr 2025 18:11:08 +0200
To: elf Pavlik <elf-pavlik@hackers4peace.net>
Cc: public-solid@w3.org
Message-ID: <CAKaEYhKe69vkbzi0yNKPKTxxvnnySAf6TVqQJ6EiLUekULr3YA@mail.gmail.com>

po 28. 4. 2025 v 16:17 odesílatel elf Pavlik <elf-pavlik@hackers4peace.net>
napsal:

> On 2025-04-28 06:19, Sarven Capadisli wrote:
> > On 2025-04-28 14:02, elf Pavlik wrote:
> >> Do you have this web browser extensions use case captured in LWS UCs
> >> repo? To be honest I'm to familiar with how they work. For example
> >> what is used as a `redirect_uri`?
> >
> > Contextual Interactions via Native User Agent or Add-on:
> >
> > https://github.com/w3c/lws-ucs/issues/55
> >
> > As I understand it, currently browser extensions can use dynamic client
> > registration and use the location at the time of initiating the login
> > process as the redirect URI. With static client registration, this URI
> > will be validated against the redirect URIs specified in the Client ID
> > Document, and here is where the flow breaks for the case of an
> > extension.
>
> Thanks Sarven, this is very helpful for me to start understanding your
> use case!
>
> I made a typo in my previous email, I'll blame it on writing it at 6AM,
> I'm NOT familiar with nuances of browser extensions.
>
> I started doing some searches and it may require some more research. For
> example Chrome/Chromium extensions seem to use chromiumapp.org for
> redirect urls.
>
>
> https://m2kdevelopments.medium.com/25-understanding-chrome-extensions-oauth-2bd175964384#c7b4
>
> In Firefox I found this post with 0 replies
>
>
> https://discourse.mozilla.org/t/how-to-integrate-google-oauth-for-calendar-access-in-firefox-extension-previously-successful-in-chrome/134818
>
> Do you know how many people in Solid community, besides you, have
> experience with developing browser extensions?
>

Hey Elf,

As I've mentioned a few times before, Schnorr signatures are already widely
deployed on the internet, and there’s working code for them in SolidOS as
well.

I have a full demo of login to Solid using Schnorr auth, including browser
extensions. Here’s a short screencast:

https://www.youtube.com/watch?v=wlADHzVNcvM

A lot of work has already gone into this direction — and your friend
Michael Bumann is even further ahead in this direction.

Also, I spoke with Michiel about potentially merging into Pivot — he was
very helpful and put me in touch with Theo.

Happy to share more details with you if that's helpful.

Best
Melvin


>
> Cheers!
>
>

Received on Monday, 28 April 2025 16:11:25 UTC