Skip to content

Upgrade dependencies and migrate Solid auth to @uvdsl/solid-oidc-client-browser#27

Open
m5x5 wants to merge 6 commits into
KNowledgeOnWebScale:mainfrom
m5x5:chore/upgrade-deps-uvdsl-auth
Open

Upgrade dependencies and migrate Solid auth to @uvdsl/solid-oidc-client-browser#27
m5x5 wants to merge 6 commits into
KNowledgeOnWebScale:mainfrom
m5x5:chore/upgrade-deps-uvdsl-auth

Conversation

@m5x5

@m5x5 m5x5 commented May 20, 2026

Copy link
Copy Markdown

Summary

This PR upgrades the project's build tooling and dependencies to their latest versions and replaces Inrupt's Solid authentication with the actively-maintained @uvdsl/solid-oidc-client-browser.

Auth migration (Inrupt → uvdsl)

Previously, auth was provided by @inrupt/solid-client-authn-browser, shipped as a prebuilt global bundle (lib/solid-client-authn.bundle.js) and consumed via a solidClientAuthentication global. This is replaced with the npm-managed @uvdsl/solid-oidc-client-browser, bundled through webpack like every other dependency.

API mapping in js/index.js:

Before (Inrupt) After (uvdsl)
solidClientAuthentication.fetch session.authFetch
handleIncomingRedirect({ restorePreviousSession: true }) session.handleRedirectFromLogin() / session.restore()
getDefaultSession().info.isLoggedIn session.isActive
getDefaultSession().info.webId session.webId
login({ oidcIssuer, redirectUrl, clientName }) session.login(oidcIssuer, redirectUrl)

session.restore() rejects when there is no session to restore (e.g. a first visit), so it is wrapped in a try/catch that falls through to the login form.

  • Removed lib/solid-client-authn.bundle.js and its <script> tag in index.html.

Dependency upgrades

  • webpack 5.68 → 5.107, webpack-cli 4 → 7, webpack-dev-server 4 → 5
  • Babel core/preset-env/plugin-transform-runtime/runtime → 7.29
  • node-polyfill-webpack-plugin 1 → 4
  • jsonld 5 → 9, rdf-parse 1 → 5, readable-web-to-node-stream 3 → 5
  • dayjs and calendar-link bumped to latest

Build config

  • webpack.config.js: set assetModuleFilename so the emitted Solid-OIDC refresh worker gets a stable filename (RefreshWorker.js) and can be gitignored like the other build artifacts.
  • Updated .gitignore, README.md, and CHANGELOG.md.

Testing

  • npx webpack builds successfully (only the pre-existing bundle-size warnings).
  • Served the production build and loaded it in a headless Chrome: the app initializes, restore() resolves gracefully with no session, and the WebID login form is shown with no uncaught errors in the console.

Note: full login against a live Solid IdP was not exercised end-to-end in CI; the unauthenticated load path and the documented uvdsl API surface were verified.

🤖 Generated with Claude Code

m5x5 and others added 6 commits May 21, 2026 00:06
Replace Inrupt's @inrupt/solid-client-authn-browser (shipped as a prebuilt
global bundle in lib/) with the npm-managed @uvdsl/solid-oidc-client-browser.

- js/index.js: use the uvdsl `Session` API
  (handleRedirectFromLogin/restore/login/isActive/webId/authFetch) in place
  of the `solidClientAuthentication` global; restore() rejects on a fresh
  visit, so it is wrapped to fall through to the login form.
- index.html: drop the <script> tag for the removed bundle.
- Remove lib/solid-client-authn.bundle.js (now bundled via webpack).
- Upgrade build tooling and dependencies to latest: webpack 5.107,
  webpack-cli 7, webpack-dev-server 5, Babel 7.29, node-polyfill-webpack-plugin 4,
  jsonld 9, rdf-parse 5, readable-web-to-node-stream 5, dayjs, calendar-link.
- webpack: emit assets with stable names (assetModuleFilename) so the
  Solid-OIDC refresh worker can be gitignored like the other build artifacts.
- Update README, CHANGELOG and .gitignore accordingly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
rdf-parse v5 dropped its default export; the parser is now the named
export `rdfParser`. The default import resolved to undefined, causing
"Cannot read properties of undefined (reading 'parse')" in getRDFasJson.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
rdf-parse v5 uses a strict, RDF 1.1-compliant N3 parser for Turtle/TriG
that aborts the whole document on quirks the old lenient parser tolerated
(e.g. an rdf:langString literal written with an explicit ^^ datatype
instead of a language tag, as emitted by some pods). Request JSON-LD with
the highest priority so the more forgiving JSON-LD parser is used, falling
back to the other serialisations.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- findAndShowSlots: show a friendly message when no participant is selected
  instead of crashing on undefined slots.
- findSlots: guard against WebIDs absent from the participant list (e.g.
  'Show only my slots' uses the logged-in user's WebID, which is not listed
  unless they are also an employee) rather than reading availabilityCalendar
  of undefined.
- showSlots: treat undefined/empty slots as 'no slots'.
- getParticipantViaAvailabilityCalendarUrl: tolerate participants without an
  availabilityCalendar (invalid/unfetched entries) via optional chaining.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fetching participant WebIDs cross-origin from a browser frequently fails
(CORS/network), and the app re-tried every failing URL on every load. Now:

- Failed fetches are remembered in localStorage (1-day expiry) and skipped
  on subsequent loads, so the participant list resolves much faster and the
  console is no longer flooded with repeated 'Failed to fetch' errors.
- Each cached-unreachable participant gets a 'Try again' button that clears
  the cache entry and re-fetches just that WebID, re-rendering it into the
  valid or invalid list based on the outcome.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
A non-200 response (e.g. 401/403 for an availability calendar protected by
ACL) was surfaced by dumping the server's raw RDF/JSON-LD error document as
the error message. Now getRDFasJson throws a concise 'HTTP <status> (<Error>)'
error carrying the status code, and downloadAvailabilityCalendar maps 401/403
to readable 'Not authorized'/'Forbidden' messages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant