Option to disable dynamic registration of Solid apps #65
Comments
In fact, one could even use the same mechanism for the consent flow, just restrict it to registered apps and disable dynamic registration.
It's probably going to be something to pass to the config of the https://github.com/panva/node-oidc-provider component
Ah wait, this wouldn't make sense, because even if you wouldn't give them root access to your storage, you would still want to share your identity with random apps around the web!
By default, CSS includes the app authorisation mechanism (OIDC consent dialog) that #38 aims to fix.
The presence of this module allows any website in the world to request access to a user's pod, and if the user clicks 'Authorize' then this website gets full read-write access to all the user's data.
However, one could also probably configure CSS without this dialog, thus removing the need for both #38 and #64.
One could then use a custom mechanism to hand out OIDC tokens to only a hand-picked list of clients, and this would make the server a lot safer (although of course, less versatile) to use.
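
A sketch of the "hand-picked list of clients" idea from the issue text, added here as an illustration; it is not code from CSS or node-oidc-provider. The registry contents, function names and return shapes are all hypothetical. It checks the client before any consent dialog would be shown and refuses dynamic registration outright.

```javascript
'use strict';

// Constructed sample registry: the clients the server operator has hand-picked.
// Ids and URLs are placeholders. Solid-OIDC also allows a client_id that is a
// URL pointing at a client ID document, so URL-form ids go through the same list.
const REGISTERED_CLIENTS = new Map([
  ['https://notes.example/clientid.jsonld', { redirectUris: ['https://notes.example/callback'] }],
  ['photos-app', { redirectUris: ['https://photos.example/cb'] }],
]);

// Hypothetical gate, run on every authorization request before the consent
// dialog is rendered. Returns a decision object instead of throwing.
function checkAuthorizationRequest(params, registry = REGISTERED_CLIENTS) {
  const clientId = params.client_id;
  if (typeof clientId !== 'string' || !registry.has(clientId)) {
    // Unknown client: fail locally. Its redirect_uri is untrusted as well,
    // so the error must not be delivered by redirecting the browser there.
    return { allowed: false, reason: 'client not registered', redirect: false };
  }
  const client = registry.get(clientId);
  // Exact string comparison only: no prefix, wildcard or host-only matching.
  if (!client.redirectUris.includes(params.redirect_uri)) {
    return { allowed: false, reason: 'redirect_uri not registered', redirect: false };
  }
  return { allowed: true, clientId, redirectUri: params.redirect_uri };
}

// Hypothetical handler for the registration endpoint once dynamic
// registration is switched off: nothing is ever added to the registry.
function handleRegistrationRequest(body, registry = REGISTERED_CLIENTS) {
  const sizeBefore = registry.size;
  const response = { status: 403, reason: 'dynamic registration is disabled' };
  return { response, registryChanged: registry.size !== sizeBefore };
}

// Constructed requests: one from a listed app, one from an arbitrary website.
console.log(checkAuthorizationRequest({
  client_id: 'photos-app', redirect_uri: 'https://photos.example/cb' }));
console.log(checkAuthorizationRequest({
  client_id: 'https://random.example/app', redirect_uri: 'https://random.example/cb' }));
```

As the third comment points out, a gate like this also stops unlisted apps from merely learning the user's identity, which is the versatility cost the issue text mentions.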