fix: use optional SOLID_RESOURCE_URL for authenticated fetch example#16
fix: use optional SOLID_RESOURCE_URL for authenticated fetch example#16jeswr merged 3 commits intofeat/script-authenticationfrom
Conversation
Co-authored-by: jeswr <63333554+jeswr@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the Node.js client-credentials authentication guide to demonstrate an authenticated fetch against an optional, user-provided Solid resource URL (instead of always fetching the WebID profile), while documenting the fallback behavior.
Changes:
- Add optional
SOLID_RESOURCE_URLenv var to target a specific resource for the authenticated fetch. - Update the example request to use
SOLID_RESOURCE_URLwhen set, otherwise fall back tosession.info.webId. - Update Bash/PowerShell run instructions and narrative text to mention the new optional env var and fallback.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const CLIENT_ID = process.env.SOLID_CLIENT_ID; | ||
| const CLIENT_SECRET = process.env.SOLID_CLIENT_SECRET; | ||
| const OIDC_ISSUER = process.env.SOLID_OIDC_ISSUER; // Your authorization server URL (sometimes called IdP, sometimes same as your Solid server URL) | ||
| const RESOURCE_URL = process.env.SOLID_RESOURCE_URL; // URL of the protected resource to fetch (optional) |
There was a problem hiding this comment.
The comment says this is a "protected resource" URL, but the code explicitly falls back to fetching the WebID profile document (which is often public). Consider updating the inline comment to reflect the actual behavior (e.g., optional resource URL that defaults to the WebID profile) so the example isn’t self-contradictory.
| const RESOURCE_URL = process.env.SOLID_RESOURCE_URL; // URL of the protected resource to fetch (optional) | |
| const RESOURCE_URL = process.env.SOLID_RESOURCE_URL; // Optional resource URL to fetch; defaults to your WebID profile if not set |
| // but automatically includes authentication headers. | ||
| const response = await session.fetch(session.info.webId); | ||
| console.log(`GET ${session.info.webId} — ${response.status}`); | ||
| const resourceUrl = RESOURCE_URL ?? session.info.webId; |
There was a problem hiding this comment.
Using the nullish coalescing operator here means an empty-string SOLID_RESOURCE_URL (e.g., set but blank in a .env) will be treated as a valid URL and passed to fetch, which will throw. If the intent is “use env var when it’s a non-empty string”, prefer a check that also treats '' as unset (e.g., using || or trimming/validating before selecting the URL).
| const resourceUrl = RESOURCE_URL ?? session.info.webId; | |
| const resourceUrl = | |
| RESOURCE_URL && RESOURCE_URL.trim() | |
| ? RESOURCE_URL | |
| : session.info.webId; |
| ``` | ||
|
|
||
| Replace `http://localhost:3000` with the URL of your Solid server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`). | ||
| Replace `http://localhost:3000` with the URL of your authorization server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`), and set `SOLID_RESOURCE_URL` to the URL of the private resource you want to access. If `SOLID_RESOURCE_URL` is omitted, the script falls back to fetching your WebID profile document. |
There was a problem hiding this comment.
This instruction suggests replacing http://localhost:3000 with the authorization server URL, but the example now uses the same placeholder host for both SOLID_OIDC_ISSUER (auth server) and SOLID_RESOURCE_URL (resource/POD server). For many setups (e.g., Inrupt), these are different hosts; consider rewording to explicitly say “set SOLID_OIDC_ISSUER to your authorization server” and “set SOLID_RESOURCE_URL to the resource URL on your Pod/server”, rather than a single replacement step.
| Replace `http://localhost:3000` with the URL of your authorization server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`), and set `SOLID_RESOURCE_URL` to the URL of the private resource you want to access. If `SOLID_RESOURCE_URL` is omitted, the script falls back to fetching your WebID profile document. | |
| Set `SOLID_OIDC_ISSUER` to the URL of your authorization server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`), and set `SOLID_RESOURCE_URL` to the URL of the private resource you want to access on your Pod/server. If `SOLID_RESOURCE_URL` is omitted, the script falls back to fetching your WebID profile document. |
* feat: add guide for authenticating with a script * Update docs/guides/authenticating_with_a_script.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * feat: add guide for authenticating with a script (#15) * Initial plan * Address review feedback: load OIDC_ISSUER from env var, add cross-platform instructions Co-authored-by: jeswr <63333554+jeswr@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jeswr <63333554+jeswr@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Samu Lang <langsamu@users.noreply.github.com> * Update docs/guides/authenticating_with_a_script.md Co-authored-by: Samu Lang <langsamu@users.noreply.github.com> * fix: use optional SOLID_RESOURCE_URL for authenticated fetch example (#16) * Initial plan * fix: add optional SOLID_RESOURCE_URL env var for the resource to fetch Co-authored-by: jeswr <63333554+jeswr@users.noreply.github.com> * Apply suggestions from code review --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jeswr <63333554+jeswr@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Samu Lang <langsamu@users.noreply.github.com>
Fetching the WebID profile document as the example authenticated request is an anti-pattern — it's a public resource, not a protected one, and isn't defined as a Solid resource in all server implementations (e.g. ESS).
Changes
SOLID_RESOURCE_URLenv var: added as an optional input for the target resource URL; falls back tosession.info.webIdif unsetRESOURCE_URL ?? session.info.webIdinstead of always fetching the WebID profileSOLID_RESOURCE_URLSOLID_RESOURCE_URLis optional and describes the fallback behaviour💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.