Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR migrates SolidOS solid-logic browser authentication from the Inrupt OIDC client to @uvdsl/solid-oidc-client-browser, while keeping temporary compatibility paths for downstream consumers during the transition.
Changes:
- Replace the runtime dependency and session construction to use
@uvdsl/solid-oidc-client-browserinstead of Inrupt. - Add a legacy
authSession.eventsshim and broaden session-state handling (info.webId/isLoggedInvswebId/isActive) plus dual redirect flows. - Update Jest setup to mock the new OIDC client module for tests.
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| test/solidAuthLogic.test.ts | Adds an authSession mock to keep SolidAuthnLogic tests working with the new session shape. |
| test/mocks/solid-oidc-client-browser.ts | Provides a Jest-mapped mock implementation of the uvdsl Session API. |
| src/types.ts | Updates exported AuthnLogic typing to use the new session type alias. |
| src/logic/solidLogicSingleton.ts | Adds compatibility logic for authenticated fetch (fetch vs authFetch) and webId detection. |
| src/logic/solidLogic.ts | Updates createSolidLogic signature to accept the new session type. |
| src/authSession/authSession.ts | Switches to uvdsl Session and adds a minimal legacy events shim + logout bridging. |
| src/authn/SolidAuthnLogic.ts | Updates session handling to support both legacy and new contracts and redirect flows. |
| package.json | Swaps dependency from Inrupt authn browser package to uvdsl client. |
| package-lock.json | Locks updated dependency graph after migration. |
| jest.config.mjs | Maps @uvdsl/solid-oidc-client-browser to a local mock for tests. |
Comments suppressed due to low confidence (1)
src/authn/SolidAuthnLogic.ts:90
- The new restore/redirect compatibility path adds non-trivial behavior (swallowing only the expected "no session to restore" error, rethrowing others, and emitting legacy
sessionRestore/loginevents based on session activation), but the existing tests only assert thatcheckUser()returnsnull. Add unit tests that cover: (1)restore()throwing the expected no-session error is ignored, (2) other errors are propagated, and (3) the legacy events are emitted whenisActivetransitions from false to true.
if (typeof sessionAny?.restore === 'function') {
const wasActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)
try {
await sessionAny.restore()
} catch (error) {
const message = error instanceof Error ? error.message : String(error)
if (!/no session to restore/i.test(message)) {
throw error
}
debug.log('No previous session to restore')
}
const isNowActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)
if (!wasActive && isNowActive) {
sessionAny.events?.emit('sessionRestore', window.location.href)
}
}
if (typeof sessionAny?.handleRedirectFromLogin === 'function') {
const wasActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)
await sessionAny.handleRedirectFromLogin()
const isNowActive = sessionAny?.isActive ?? Boolean(sessionAny?.webId)
if (!wasActive && isNowActive) {
sessionAny.events?.emit('login')
}
}
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Convert `SessionWithLegacyEvents` imports to type-only imports to avoid runtime side effects when importing auth-related modules - Prevent eager initialization of `authSession` via type-only usage in: - types.ts - SolidAuthnLogic.ts - solidLogic.ts - Add focused tests for fetch bridge behavior in `solidLogicSingleton`: - use `window.fetch` when `credentials: omit` - fall back to `authFetch` when `session.fetch` is unavailable - Keep migration compatibility behavior intact while improving import safety and regression coverage
Skip WebSession worker initialization for localhost/127.0.0.1 over http and use SessionCore with IndexedDB directly. This prevents browser SecurityError noise from file:// worker resolution in local dev while keeping normal session behavior in other environments.
m5x5
approved these changes
May 25, 2026
timea-solid
approved these changes
May 26, 2026
Member
|
What was your experience so far with the new authentication lib, is there any visible chnage to the user? |
Member
|
@bourgeoa check the copilot review feedback, see if it is valid to harden the code. |
- session.ts: OIDC session factory (WebSession/SessionCore, database backends) - events.ts: SessionEvents class (pure EventEmitter shim, zero side-effects) - issuer.ts: issuer discovery via /.well-known/openid-configuration - authSession.ts: login compatibility shim, legacy event wiring, authSession assembly; re-exports authSession and SessionWithLegacyEvents type All existing imports continue working unchanged — authSession.ts is a drop-in replacement with the same exports.
Member
|
Following up from my comments in this week's meeting, looking at the current PR it seems like
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Notes - solid-logic (uvdsl migration)
Scope
Replace browser OIDC client usage from Inrupt to
@uvdsl/solid-oidc-client-browserwhile keeping compatibility during transition.Current migration status
Fully migrated
@inrupt/solid-client-authn-browserremains insrc.@uvdsl/solid-oidc-client-browserinpackage.json.Sessionimplementation.Compatibility retained intentionally
src/authn/SolidAuthnLogic.tssession.info.webId/isLoggedInorsession.webId/isActive.handleIncomingRedirect({ restorePreviousSession, url })restore()+handleRedirectFromLogin()No session to restoreas a normal first-load condition instead of surfacing an uncaught rejection.src/logic/solidLogicSingleton.tssession.fetchif present, otherwisesession.authFetch.session.info.webIdfallback tosession.webId.src/authSession/authSession.tsauthSession.events.on/off/emitshim for older consumers.sessionStateChangeonly when the session instance exposesaddEventListener.These are migration-compatibility paths for downstream packages, not leftover Inrupt dependencies.
Validation notes
Recommendation after integrated test passes
Create a follow-up hardening commit that removes compatibility branches and keeps only native uvdsl contract:
webId+isActiverestore()+handleRedirectFromLogin()sessionStateChangeEventTarget flowSuggested commit message (current migration)
Title
feat(auth): migrate solid-logic OIDC client to @uvdsl/solid-oidc-client-browser
Body
Suggested follow-up commit message (cleanup only, later)
Title
refactor(auth): drop legacy session compatibility paths after uvdsl validation
Body
session.info/isLoggedInbrancheshandleIncomingRedirectcompatibility branchwebId,isActive, andsessionStateChange