Skip to content

Commit 6647b34

Browse files
docs(features/plugins): getAgent shipped in v0.0.214 (#30)
Status table and identity section updated: the public accessor is import { getAgent } from 'javascript-solid-server/auth.js' — the internal-import caution is gone, the agent-identifier contract (WebID or did:nostr DID, five credential schemes) is stated, code samples use the public seam, and the roadmap moves getAgent from proposed to shipped. Also fixes a token-TTL aside that pointed at the wrong issue.
1 parent f6e752e commit 6647b34

1 file changed

Lines changed: 18 additions & 18 deletions

File tree

docs/features/plugins.md

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ else. Your WebID can be the app's account — no separate passwords.
2424
| Application mount points (`appPaths`) |**Shipped in v0.0.213** | [#582](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/582), [#585](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/585) |
2525
| Reference plugin ("plugin zero") | ✅ Running — [Tideholm](https://github.com/melvincarvalho/tideholm/tree/gh-pages/jss-plugin), a multiplayer game where pod WebIDs are player accounts | [#206 discussion](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/206) |
2626
| Raw-body mode for wrapped apps | 📋 Pattern documented below; helper proposed | [#583](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/583) |
27-
| Public identity accessor (`api.auth.getAgent`) | 📋 Works via internal import; public blessing proposed | [#584](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/584) |
27+
| Public identity accessor (`getAgent`) | **Shipped in v0.0.214** | [#584](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/584), [#586](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/586) |
2828
| Plugin loader (manifest, discovery, policy) | 🔭 Designed, not yet built | [#206](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/206), [#564](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/564) |
2929

3030
## Why plugins?
@@ -85,28 +85,28 @@ already handles every supported scheme uniformly — IdP Bearer tokens,
8585
Solid-OIDC DPoP, Nostr NIP-98 signatures, LWS10-CID:
8686

8787
```js
88-
import { getWebIdFromRequestAsync } from 'javascript-solid-server/src/auth/token.js';
88+
import { getAgent } from 'javascript-solid-server/auth.js'; // v0.0.214+
8989

9090
async function myAppHandler(request, reply) {
91-
const { webId } = await getWebIdFromRequestAsync(request);
92-
if (!webId) return reply.code(401).send({ error: 'sign in with your pod' });
93-
// webId is a verified identity — key your app's users on it
91+
const agent = await getAgent(request);
92+
if (!agent) return reply.code(401).send({ error: 'sign in with your pod' });
93+
// agent is a verified identifier — key your app's users on it
9494
}
9595
```
9696

97-
:::caution
98-
`getWebIdFromRequestAsync` is currently an internal import — it works, but
99-
its path isn't a stable contract yet.
100-
[#584](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/584)
101-
tracks blessing it as public API (`api.auth.getAgent`).
102-
:::
97+
`getAgent` returns the verified **agent identifier**: usually an HTTP(S)
98+
WebID, but a `did:nostr:...` DID for NIP-98 agents without a WebID mapping —
99+
DID agents are first-class. It covers all five credential schemes (IdP
100+
Bearer, Solid-OIDC DPoP, Nostr NIP-98, LWS10-CID, WebID-TLS), never throws
101+
on bad credentials, and everything under `src/` stays internal — this
102+
import is the contract.
103103

104104
**Browser users** don't send `Authorization` headers by themselves. The
105105
pattern proven in Tideholm: the app's login screen POSTs pod credentials to
106106
JSS's documented [`/idp/credentials`](/docs/features/authentication)
107107
endpoint, stores the returned Bearer token, and attaches it to the app's
108108
API calls. Tokens expire after 3600s — handle the 401 by returning to the
109-
login screen (or watch #584 for improvements here).
109+
login screen.
110110

111111
## Wrapping an existing app (raw bodies)
112112

@@ -124,8 +124,7 @@ await fastify.register(async (scope) => {
124124
scope.addContentTypeParser('*', (req, payload, done) => done(null, payload));
125125

126126
const handler = async (request, reply) => {
127-
const { webId } = await getWebIdFromRequestAsync(request);
128-
request.raw.myAppWebId = webId; // hand identity to the raw handler
127+
request.raw.myAppAgent = await getAgent(request); // identity for the raw handler
129128
reply.hijack(); // fastify lets go of the response
130129
myNodeApp.handle(request.raw, reply.raw);
131130
};
@@ -172,12 +171,13 @@ in order:
172171
storage** (pods are user-writable; a loader that reads them is RCE).
173172
2. **Migrate the bundled features** onto the loader (#564) — eight
174173
battle-tested consumers from day one.
175-
3. **Richer seams as consumers demand them**`api.auth.getAgent` (#584),
176-
`api.mountApp` (#583), `registerMcpTool`, `registerPane`, with the
174+
3. **Richer seams as consumers demand them**`api.mountApp` (#583),
175+
`registerMcpTool`, `registerPane` (`getAgent` already shipped: the
176+
loader hands plugins the same function as `api.auth.getAgent`), with the
177177
[pane store](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/issues/184)
178178
as the eventual marketplace layer.
179179

180180
The pattern for contributing a seam is established: build a real thing
181181
against JSS, hit a wall, file the smallest issue that removes it, prove it
182-
with your consumer. Plugin zero took the `appPaths` route from idea to npm
183-
in a day — the door is open.
182+
with your consumer. Plugin zero took two seams (`appPaths`, `getAgent`) from idea to npm in a
183+
day each — the door is open.

0 commit comments

Comments
 (0)