Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@perploug Yeah I noticed that Chrome didn't give me the popup anymore lately. Would that still be possible behind a flag?
@melvincarvalho @timbl @kidehen You are client certificate users, what browser(s) work(s) for you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RubenVerborgh ,
There are no browser specific issues that impede my use of WebID-TLS. It just works :)
/cc @melvincarvalho @timbl
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@perploug But it didn't work for you in other browsers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I use TLS certs to log in to with chrome, and this still works for me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I use WebID-TLS on chrome and firefox. No issues here either.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't use the WebId-TLS option as there is it apparently not supported on the solid.community pods (I seem to recall a comment that this option was being deprecated)
The reason the firefox comment is in there is because it was there before, I just moved to the beginning of the sentence - but based on your comments it seems it can be removed all together - will update the PR
And to confirm I do get prompted for a certificates on Osx Chrome and firefox.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WebID-TLS has always been the primary login system for solid. It is not deprecated. The plan is to support it on solid.community in future. But code needs to be there first.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@melvincarvalho okey - that clears things up a bit - is there any provider which supports WebID-TLS? otherwise I think that should be part of the documentation that users cannot currently expect this functionality
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
databox is the provider that supports WebID-TLS, but it doesnt yet support WebID-OIDC
There is in theory a way where you wrap WebID-TLS inside WebID-OIDC, which also works today, or should work today.
However, by nature the TLS is more secure because it involves two parties, and OIDC is less secure because it requires a trusted third party. On the other hand, the trusted third party has a good network effect today, due to the nature of large email and identity providers.
Over time, it would be good for both protocols to be supported. That was the design aim, but we are not there yet.