# Solid OIDC

**Solid OIDC** is the authentication protocol used in the [[Solid]] ecosystem. It extends [[OpenID Connect (OIDC)]] to support decentralized authentication using [[WebID]]-based identifiers.

## Purpose

Solid OIDC enables:

- Authentication of users by their [[WebID]] across any Solid-compliant server
- Decentralized identity providers (IdPs) — no single authority
- Standard OAuth 2.0 / OIDC tokens with Solid-specific claims
- Cross-pod authentication and authorization

## Key Differences from Standard OIDC

- **WebID as Subject**: Tokens identify users by their [[WebID]] URI, not just an opaque user ID
- **Decentralization**: Any compliant Solid OIDC provider can authenticate any WebID
- **DPoP Tokens**: Uses Demonstrating Proof-of-Possession for token binding to client keys
- **Identity Verification**: Resource servers can verify the IdP that issued a token is authorized for the WebID

## Authentication Flow

1. Client app redirects user to their chosen Solid OIDC provider
2. User authenticates with the provider
3. Provider issues an ID token containing the user's [[WebID]]
4. Client uses the token (with DPoP proof) when accessing [[Solid]] resources
5. Resource servers verify both the token and the issuer-WebID relationship

## Implementations

- **NSS (Node Solid Server)**: see [[JavaScript Solid Server (JSS)]]
- **CSS**: see [[Community Solid Server]]
- **Inrupt PodSpaces**: commercial Solid hosting
- **Client libraries**: see [[Inrupt Solid Client]]

## Resources

- Solid OIDC spec: https://solidproject.org/TR/oidc
- Authentication overview: https://solidproject.org/TR/protocol#authentication

## References

- https://solidproject.org/TR/oidc

## Related

- [[Solid]]
- [[Solid Protocol]]
- [[OpenID Connect (OIDC)]]
- [[WebID]]
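
## Example: Resource Server Checks

Step 5 of the authentication flow and the DPoP key binding, as an added example (not code from the Solid specification or from any implementation listed on this page). It assumes the access token's signature was already verified against the issuer's keys and uses the `webid` and `cnf.jkt` claims and the `solid:oidcIssuer` profile values as defined by the Solid-OIDC spec and RFC 9449; `checkRequest`, `makeProof`, the `profiles` map and all URLs and keys are constructed for illustration. Replay tracking of `jti` and the `ath` hash are left out.

```javascript
const { createHash, createPublicKey, generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const parse = (segment) => JSON.parse(Buffer.from(segment, 'base64url').toString());

// RFC 7638 thumbprint of an EC public JWK: required members only, in lexicographic order.
const jwkThumbprint = ({ crv, kty, x, y }) =>
  b64u(createHash('sha256').update(JSON.stringify({ crv, kty, x, y })).digest());

// Hypothetical resource-server check. Returns 'ok' or the reason for rejection.
// claims: access-token payload whose signature was already verified against the issuer's keys.
// profiles: Map of WebID -> solid:oidcIssuer values, standing in for dereferencing the WebID profile.
function checkRequest({ claims, profiles, proof, method, url, now }) {
  if (!(profiles.get(claims.webid) ?? []).includes(claims.iss)) return 'issuer not listed in WebID profile';
  let header, body, sigOk;
  try {
    const [h, p, s] = proof.split('.');
    header = parse(h); body = parse(p);
    if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256' || header.jwk.kty !== 'EC') return 'bad DPoP header';
    const key = createPublicKey({ key: header.jwk, format: 'jwk' });
    sigOk = verify('sha256', Buffer.from(`${h}.${p}`),
      { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  } catch { return 'malformed DPoP proof'; }
  if (!sigOk) return 'bad DPoP signature';
  if (body.htm !== method || body.htu !== url) return 'proof is for another request';
  if (!(Math.abs(now - body.iat) <= 60)) return 'stale DPoP proof';
  if (claims.cnf?.jkt !== jwkThumbprint(header.jwk)) return 'token not bound to this key';
  return 'ok';
}

// Constructed sample data below: client key pair, DPoP proof, and already-verified claims.
function makeProof(privateKey, jwk, htm, htu, iat) {
  const h = b64u(JSON.stringify({ typ: 'dpop+jwt', alg: 'ES256', jwk }));
  const p = b64u(JSON.stringify({ htm, htu, iat, jti: 'constructed-jti-1' }));
  const sig = sign('sha256', Buffer.from(`${h}.${p}`), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${h}.${p}.${b64u(sig)}`;
}

const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
const jwk = publicKey.export({ format: 'jwk' });
const webid = 'https://alice.example/profile/card#me';
const sample = {
  claims: { iss: 'https://idp.example', webid, cnf: { jkt: jwkThumbprint(jwk) } },
  profiles: new Map([[webid, ['https://idp.example']]]),
  proof: makeProof(privateKey, jwk, 'GET', 'https://pod.example/notes/1', 1700000000),
  method: 'GET', url: 'https://pod.example/notes/1', now: 1700000010,
};
console.log(checkRequest(sample));                                           // accepted
console.log(checkRequest({ ...sample, profiles: new Map([[webid, []]]) })); // IdP not authorized for this WebID
```

The issuer check runs first because a token from an IdP the WebID owner never listed must be rejected even when its signature and DPoP binding are otherwise valid.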