One-button Solid login via the browser window

[RubenVerborgh]

Pitch

My browser should have a series of buttons that I can press and depress to log in with different WebIDs. My browser remembers my credentials. By default, I'm logged in anonymously. When I press a button, the website gets a signal that I want to log in with this specific WebID (so the IDP selection step can be skipped).

Desired solution

• A browser extension to which I can register multiple WebIDs
  • A series of buttons in my browser corresponding to those WebIDs (plus an anonymous user)
  • The extension exposes an object to the browser tab, such that apps can attach a listener.
• An example app that reacts to clicks on these buttons.

Acceptance criteria

• My browser displays buttons
• I can log in by clicking those buttons
• Preferably a cross-browser extension

Pointers

Scenarios

[RubenVerborgh]

This is how Google does it (note that I am in Firefox here, so it is actually reddit.com that does it):

Of course in an iframe for security reasons:

Solid (being decentralized) does not have that single point of access that Google has, which is why we want the browser.

[pheyvaer]

@RubenVerborgh Would it make sense to make an extra challenge that is easier and that is tackled before this one?

• Only consider one WebID at the time.
• Capture all requests from the browser and make them authenticated. The advantage here is that I can go to a protected Webpage without the need of an app to attach a listener.

[RubenVerborgh]

@pheyvaer Agreed; could you take that up? Key is to understand whether or not we can indeed authenticate requests from an extension.

[pheyvaer]

Done at https://github.com/SolidLabResearch/Challenges/issues/67.