JavaScriptSolidServer
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 22 additions & 0 deletions b/‎LICENSE‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 282 additions & 0 deletions b/‎README.md‎
Lines changed: 282 additions & 0 deletions
@@ -0,0 +1,3 @@
+node_modules/
+.DS_Store
+*.log
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2024 JavaScriptSolidServer
+Copyright (c) 2024 Christoph Braun (uvdsl)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,282 @@
+# solid-oidc
+
+Minimal, zero-build Solid-OIDC client for browsers.
+
+A single JavaScript file (~500 lines) that handles the complete Solid-OIDC authentication flow. No bundler, no transpiler, no build step required.
+
+## Features
+
+- **Zero build step** - Just import and use
+- **Single file** - Copy `solid-oidc.js` or import from CDN
+- **~500 lines** - Readable, auditable, hackable
+- **Full Solid-OIDC** - Login, logout, token refresh, authenticated fetch
+- **DPoP bound tokens** - Secure proof-of-possession
+- **Persistent sessions** - Survives page refresh via IndexedDB
+- **Event-driven** - React to session state changes
+
+## Quick Start
+
+```html
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Solid App</title>
+</head>
+<body>
+  <button id="login">Login</button>
+  <button id="logout" hidden>Logout</button>
+  <pre id="output"></pre>
+
+  <script type="module">
+    import { Session } from 'https://esm.sh/gh/JavaScriptSolidServer/solid-oidc/solid-oidc.js'
+
+    const session = new Session({
+      onStateChange: (e) => {
+        document.getElementById('login').hidden = e.detail.isActive
+        document.getElementById('logout').hidden = !e.detail.isActive
+        document.getElementById('output').textContent = e.detail.isActive
+          ? `Logged in as ${e.detail.webId}`
+          : 'Not logged in'
+      }
+    })
+
+    // Try to restore previous session
+    session.restore().catch(() => {})
+
+    // Handle redirect from identity provider
+    session.handleRedirectFromLogin()
+
+    // Login button
+    document.getElementById('login').onclick = () => {
+      session.login('https://solidcommunity.net', window.location.href)
+    }
+
+    // Logout button
+    document.getElementById('logout').onclick = () => {
+      session.logout()
+    }
+  </script>
+</body>
+</html>
+```
+
+## Installation
+
+### Option 1: CDN (Recommended)
+
+```js
+import { Session } from 'https://esm.sh/gh/JavaScriptSolidServer/solid-oidc/solid-oidc.js'
+```
+
+### Option 2: npm
+
+```bash
+npm install solid-oidc
+```
+
+```js
+import { Session } from 'solid-oidc'
+```
+
+### Option 3: Copy the file
+
+Just copy `solid-oidc.js` into your project and import it:
+
+```js
+import { Session } from './solid-oidc.js'
+```
+
+## API Reference
+
+### `new Session(options)`
+
+Create a new session instance.
+
+```js
+const session = new Session({
+  // Optional: Pre-registered client_id (skips dynamic registration)
+  clientId: 'https://myapp.example/id',
+
+  // Optional: Custom database for session persistence
+  database: new SessionDatabase('my-app'),
+
+  // Optional: Event callbacks
+  onStateChange: (event) => console.log(event.detail),
+  onExpirationWarning: (event) => console.log('Expiring in', event.detail.expires_in),
+  onExpiration: () => console.log('Session expired')
+})
+```
+
+### `session.login(idp, redirectUri)`
+
+Redirect user to identity provider for authentication.
+
+```js
+await session.login('https://solidcommunity.net', window.location.href)
+```
+
+**Parameters:**
+- `idp` - Identity provider URL (e.g., `https://solidcommunity.net`)
+- `redirectUri` - URL to redirect back to after login
+
+### `session.handleRedirectFromLogin()`
+
+Handle the redirect from the identity provider. Call this on page load.
+
+```js
+await session.handleRedirectFromLogin()
+```
+
+### `session.restore()`
+
+Restore a previous session using stored refresh token.
+
+```js
+try {
+  await session.restore()
+  console.log('Session restored')
+} catch (error) {
+  console.log('No session to restore')
+}
+```
+
+### `session.logout()`
+
+End the session and clear all stored data.
+
+```js
+await session.logout()
+```
+
+### `session.authFetch(url, options)`
+
+Make an authenticated fetch request. Automatically includes DPoP proof and access token.
+
+```js
+const response = await session.authFetch('https://pod.example/private/data.ttl')
+const data = await response.text()
+```
+
+Falls back to regular `fetch()` if no session is active.
+
+### Properties
+
+| Property | Type | Description |
+|----------|------|-------------|
+| `session.isActive` | `boolean` | Whether user is logged in |
+| `session.webId` | `string \| null` | User's WebID when logged in |
+
+### Methods
+
+| Method | Returns | Description |
+|--------|---------|-------------|
+| `session.isExpired()` | `boolean` | Whether access token is expired |
+| `session.getExpiresIn()` | `number` | Seconds until token expires (-1 if no token) |
+
+### Events
+
+The session extends `EventTarget` and emits these events:
+
+| Event | Detail | Description |
+|-------|--------|-------------|
+| `sessionStateChange` | `{ isActive, webId }` | Login/logout occurred |
+| `sessionExpirationWarning` | `{ expires_in }` | Token refresh failed but not expired |
+| `sessionExpiration` | - | Token expired and refresh failed |
+
+```js
+session.addEventListener('sessionStateChange', (event) => {
+  console.log('Active:', event.detail.isActive)
+  console.log('WebID:', event.detail.webId)
+})
+```
+
+## Advanced Usage
+
+### Custom Session Database
+
+```js
+import { Session, SessionDatabase } from './solid-oidc.js'
+
+// Use a custom database name (useful for multiple sessions)
+const database = new SessionDatabase('my-app-session')
+const session = new Session({ database })
+```
+
+### Pre-registered Client ID
+
+If your app has a pre-registered client ID, provide it to skip dynamic registration:
+
+```js
+const session = new Session({
+  clientId: 'https://myapp.example/id'
+})
+```
+
+### Multiple Identity Providers
+
+```js
+const providers = [
+  { name: 'Solid Community', url: 'https://solidcommunity.net' },
+  { name: 'Inrupt PodSpaces', url: 'https://login.inrupt.com' },
+  { name: 'solidweb.org', url: 'https://solidweb.org' }
+]
+
+// Let user choose
+const idp = prompt('Choose provider:', providers[0].url)
+await session.login(idp, window.location.href)
+```
+
+### Handling Token Expiration
+
+```js
+const session = new Session({
+  onExpirationWarning: async (event) => {
+    console.log(`Token expires in ${event.detail.expires_in}s, refreshing...`)
+    try {
+      await session.restore()
+    } catch {
+      // Refresh failed, maybe prompt re-login
+      if (confirm('Session expired. Login again?')) {
+        await session.login(idp, window.location.href)
+      }
+    }
+  }
+})
+```
+
+## Specifications Implemented
+
+- [RFC 6749](https://tools.ietf.org/html/rfc6749) - OAuth 2.0
+- [RFC 7636](https://tools.ietf.org/html/rfc7636) - PKCE
+- [RFC 9207](https://tools.ietf.org/html/rfc9207) - Authorization Server Issuer Identification
+- [RFC 9449](https://tools.ietf.org/html/rfc9449) - DPoP (Demonstration of Proof-of-Possession)
+- [Solid-OIDC](https://solidproject.org/TR/oidc) - Solid OIDC Specification
+
+## Testing
+
+Open `test.html` in a browser to run the test suite. Tests cover:
+- Session instantiation and state management
+- SessionDatabase (IndexedDB) operations
+- Event dispatching
+
+```bash
+# Serve locally and open test.html
+npx serve .
+# Then visit http://localhost:3000/test.html
+```
+
+## Browser Requirements
+
+- ES Modules (`<script type="module">`)
+- `crypto.subtle` (requires HTTPS or localhost)
+- `indexedDB` (for session persistence)
+
+Works in all modern browsers (Chrome 63+, Firefox 57+, Safari 11+, Edge 79+).
+
+## Credits
+
+Based on [solid-oidc-client-browser](https://github.com/uvdsl/solid-oidc-client-browser) by [uvdsl (Christoph Braun)](https://github.com/uvdsl). Refactored into a minimal, zero-dependency, single-file library.
+
+## License
+
+MIT
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+node_modules/`
	`2`	`+.DS_Store`
	`3`	`+*.log`