#solidproject
elijahsimonart · 5 years
Photo
Witchery. 🧙‍♀️🌙🌕 . Solid: The Curse of Radu! OUT NOW! . https://www.amazon.com/dp/B07HBY8SMG . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #MyOC #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ENDtenseJET #ArtistOnInstagram #ElijahSimonArt #ENDtense https://www.instagram.com/p/BromG0_hOPC/?utm_source=ig_tumblr_share&igshid=1i6acmmq9ip3
joutlaw60 · 7 years
Photo
#legends Create There Own Destiny🌠🎤📸🎬🎯 #Timeless Catalog Content and #solidproject Material Like This Should Shut up all The Doubters Cuzzo Deserves This || (@reem.riches) || 9.14.17 #HEAVY #TRACCLIST Catch me On #15 x (@kboythegre8t) & (@mrr.calhoun) || #FlexShiD #Savrich #Westcoast #HipHop || 📸📸... (@jorgepeniche) || #Legooooo (at South Central LA)
voidstarzero · 3 years
Text
DPoP with Spring Boot and Spring Security
Solid is an exciting project that I first heard about back in January. Its goal is to help “re-decentralize” the Web by empowering users to control access to their own data. Users set up “pods” to store their data, which applications can securely interact with using the Solid protocol. Furthermore, Solid documents are stored as linked data, which allows applications to interoperate more easily, hopefully leading to less of the platform lock-in that exists with today’s Web.
I’ve been itching to play with this for months, and finally got some free time over the past few weekends to try building a Solid app. Solid's authentication protocol, Solid OIDC, is built on top of regular OIDC with a mechanism called DPoP, or "Demonstration of Proof of Possession". While Spring Security makes it fairly easy to configure OIDC providers and clients, it doesn't yet have out-of-the-box support for DPoP. This post is a rough guide on adding DPoP to a Spring Boot app using Spring Security 5, which gets a lot of the way towards implementing the Solid OIDC flow. The full working example can be found here.
DPoP vs. Bearer Tokens
What's the point of DPoP? I will admit it's taken me a fair amount of reading and re-reading over the past several weeks to feel like I can grasp what DPoP is about. My understanding thus far: If a regular bearer token is stolen, it can potentially be used by a malicious client to impersonate the client that it was intended for. Adding audience information into the token mitigates some of the danger, but also constrains where the token can be used in a way that might be too restrictive. DPoP is instead an example of a "sender-constrained" token pattern, where the access token contains a reference to an ephemeral public key, and every request where it's used must be additionally accompanied by a request-specific token that's signed by the corresponding private key. This proves that the client using the access token also possesses the private key for the token, which at least allows the token to be used with multiple resource servers with less risk of it being misused.
So, the DPoP auth flow differs from Spring's default OAuth2 flow in two ways: the initial token request contains more information than the usual token request; and, each request made by the app needs to create and sign a JWT that will accompany the request in addition to the access token. Let's take a look at how to implement both of these steps.
Overriding the Token Request
In the authorization code grant flow for requesting access tokens, the authorization process is kicked off by the client sending an initial request to the auth server's authorization endpoint. The auth server then responds with a code, which the client includes in a final request to the auth server's token endpoint to obtain its tokens. Solid OIDC recommends using a more secure variation on this exchange called PKCE ("Proof Key for Code Exchange"), which adds a code verifier into the mix; the client generates a code verifier and sends its hash along with the authorization request, and when it makes its token request, it must also include the original code verifier so that the auth server can confirm that it originated the authorization request.
Spring autoconfigures classes that implement both the authorization code grant flow and the PKCE variation, which we can reuse for the first half of our DPoP flow. What we need to customize is the second half -- the token request itself.
To do this we implement the OAuth2AccessTokenResponseClient interface, parameterized with OAuth2AuthorizationCodeGrantRequest since DPoP uses the authorization code grant flow. (For reference, the default implementation provided by Spring can be found in the DefaultAuthorizationCodeTokenResponseClient class.) In the tokenRequest method of our class, we do the following:
retrieve the code verifier generated during the authorization request
retrieve the code received in response to the authorization request
generate an ephemeral key pair, and save it somewhere the app can access it during the lifetime of the session
construct a JWT with request-specific info, and sign it using our generated private key
make a request to the token endpoint using the above data, and return the result as an OAuth2AccessTokenResponse.
Here's the concrete implementation of all of that. We get the various data that we need from the OAuth2AuthorizationCodeGrantRequest object passed to our method. We then call on RequestContextHolder to get the current session ID and use that to save the session keys we generate to a map in the DPoPUtils bean. We create and sign a JWT which goes into the DPoP header, make the token request, and finally convert the response to an OAuth2AccessTokenResponse.
Using the DPoP Access Token
Now, to make authenticated requests to a Solid pod our app will need access to both an Authentication object (provided automatically by Spring) containing the DPoP access token obtained from the above, as well as DPoPUtils for the key pair needed to use the token.
On each request, the application must generate a fresh JWT and place it in a DPoP header as demonstrated by the authHeaders method below:
    private fun authHeaders(
        authToken: String,
        sessionId: String,
        method: String,
        requestURI: String
    ): HttpHeaders {
        val headers = HttpHeaders()
        headers.add("Authorization", "DPoP $authToken")
        dpopUtils.sessionKey(sessionId)?.let { key ->
            headers.add("DPoP", dpopUtils.dpopJWT(method, requestURI, key))
        }
        return headers
    }
The body of the JWT created by DPoPUtils#dpopJWT contains claims that identify the HTTP method and the target URI of the request:
    private fun payload(method: String, targetURI: String): JWTClaimsSet =
        JWTClaimsSet.Builder()
            .jwtID(UUID.randomUUID().toString())
            .issueTime(Date.from(Instant.now()))
            .claim("htm", method)
            .claim("htu", targetURI)
            .build()
A GET request, for example, would then look something like this:
    val headers = authHeaders(
        authToken,
        sessionId,
        "GET",
        requestURI
    )
    val httpEntity = HttpEntity(headers)
    val response = restTemplate.exchange(
        requestURI,
        HttpMethod.GET,
        httpEntity,
        String::class.java
    )
A couple of last things to note: First, the session ID passed to the above methods is not retrieved from RequestContextHolder as before, but from the Authentication object provided by Spring:
    val sessionId = ((authentication as OAuth2AuthenticationToken)
        .details as WebAuthenticationDetails).sessionId
And second, we want the ephemeral keys we generate during the token request to be removed from DPoPUtils when the session they were created for is destroyed. To accomplish this, we create an HttpSessionListener and override its sessionDestroyed method:
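    import javax.servlet.http.HttpSessionEvent
    import javax.servlet.http.HttpSessionListener
    import org.springframework.security.core.context.SecurityContextImpl
    import org.springframework.security.web.authentication.WebAuthenticationDetails
    import org.springframework.stereotype.Component

    @Component
    class KeyRemovalSessionListener(
        private val dPoPUtils: DPoPUtils
    ) : HttpSessionListener {
        override fun sessionDestroyed(se: HttpSessionEvent) {
            // Sessions that never authenticated carry no security context,
            // so use safe casts and return early instead of throwing.
            val securityContext = se.session
                .getAttribute("SPRING_SECURITY_CONTEXT") as? SecurityContextImpl ?: return
            val webAuthDetails =
                securityContext.authentication?.details as? WebAuthenticationDetails ?: return
            // Drop the ephemeral DPoP key pair that belonged to this session.
            dPoPUtils.removeSessionKey(webAuthDetails.sessionId)
        }
    }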
This method will be invoked on user logout as well as on session timeout.
0 notes
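The proof-of-possession check that the post above relies on, shown from both the client and the resource-server side. This is an added example, not code from the post or from Spring Security. It assumes the Nimbus JOSE + JWT library; `dpopProof`, `rejectReason`, the 60-second freshness window and the pod URL are hypothetical, and the server checks cover only the claims the post's payload sets.

```kotlin
// Added example, not the post's code. Assumes Nimbus JOSE + JWT; function names and URL are hypothetical.
import com.nimbusds.jose.*
import com.nimbusds.jose.crypto.*
import com.nimbusds.jose.jwk.*
import com.nimbusds.jose.jwk.gen.ECKeyGenerator
import com.nimbusds.jwt.*
import java.time.Duration
import java.time.Instant
import java.util.Date
import java.util.UUID

val DPOP_TYPE = JOSEObjectType("dpop+jwt")

// Client: sign htm/htu with the session's private key; the header carries only the public JWK.
fun dpopProof(method: String, uri: String, key: ECKey): String {
    val header = JWSHeader.Builder(JWSAlgorithm.ES256).type(DPOP_TYPE).jwk(key.toPublicJWK()).build()
    val claims = JWTClaimsSet.Builder().jwtID(UUID.randomUUID().toString())
        .issueTime(Date.from(Instant.now())).claim("htm", method).claim("htu", uri).build()
    return SignedJWT(header, claims).apply { sign(ECDSASigner(key)) }.serialize()
}

// Resource server: null means the proof is accepted, otherwise the reason it is rejected.
// jkt is the key thumbprint bound to the access token; seen is a replay cache of jti values.
fun rejectReason(proof: String, method: String, uri: String, jkt: String, seen: MutableSet<String>): String? {
    val jwt = runCatching { SignedJWT.parse(proof) }.getOrNull() ?: return "not a signed JWT"
    if (jwt.header.type != DPOP_TYPE || jwt.header.algorithm != JWSAlgorithm.ES256) return "wrong typ/alg"
    val jwk = jwt.header.jwk as? ECKey ?: return "no EC public key in header"
    if (jwk.isPrivate) return "private key material in header"
    if (!runCatching { jwt.verify(ECDSAVerifier(jwk)) }.getOrDefault(false)) return "bad signature"
    if (jwk.computeThumbprint().toString() != jkt) return "key not bound to access token"
    val c = runCatching { jwt.jwtClaimsSet }.getOrNull() ?: return "bad claims"
    if (c.getClaim("htm") != method || c.getClaim("htu") != uri) return "htm/htu mismatch"
    val iat = c.issueTime?.toInstant() ?: return "missing iat"
    if (Duration.between(iat, Instant.now()).abs() > Duration.ofSeconds(60)) return "stale proof"
    if (!seen.add(c.getJWTID() ?: return "missing jti")) return "replayed jti"
    return null
}

fun main() {
    val key = ECKeyGenerator(Curve.P_256).generate()
    val jkt = key.computeThumbprint().toString()
    val uri = "https://pod.example/private/notes.ttl" // constructed sample resource
    val seen = mutableSetOf<String>()
    val proof = dpopProof("GET", uri, key)
    println(rejectReason(proof, "GET", uri, jkt, seen)) // fresh proof from the bound key
    println(rejectReason(proof, "GET", uri, jkt, seen)) // the same proof presented a second time
    println(rejectReason(dpopProof("GET", uri, key), "DELETE", uri, jkt, seen)) // proof reused for another method
    val other = ECKeyGenerator(Curve.P_256).generate() // a party holding the token but not the session key
    println(rejectReason(dpopProof("GET", uri, other), "GET", uri, jkt, seen))
}
```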
blkcancer · 6 years
Video
#Spittage from the #song "One Life To Live." #BlackoutRenegade was a #SolidProject and gave the best #MatureLyrics throughout #TheVibe .Shit just #TakeAListen and you'll #hear what Im talkin bout. #OriginalBeat by #AlphaOmega and cover by #ShamWow9th .Gotta keep #RapHipHopPoetry on a #roll because the lane doesnt have drivers like I. #Yeih + + #Rap #HipHop #Poetry #SpokenWord #Lyricism #FromTheHeart #Releasing #Relief #Understanding #BeingAMan #LifeHard #RollWitThePunches #Canman
0 notes
elijahsimonart · 6 years
Video
FREE! Head over to www.ElijahSimonArt.com to check it out. It’s 120 pages of intense storytelling. Now is a great chance to catch up on the story of SOLID!! 😄 . 👇 https://www.ElijahSimonArt.com . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ENDtenseJET #ArtistOnInstagram #ElijahSimonArt #ENDtense https://www.instagram.com/p/Bq54j2OBAO7/?utm_source=ig_tumblr_share&igshid=x9hykghbot96
elijahsimonart · 6 years
Photo
😂😂😂 Did you get your copy of Solid yet?! Head over to Amazon and get yours. Or you can both of them digitally for $2.99 each. 👍 . . . 👇 https://www.amazon.com/dp/B07HBY8SMG . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram https://www.instagram.com/p/BqIzchTBiUi/?utm_source=ig_tumblr_share&igshid=11zq1yz33mb2k
elijahsimonart · 6 years
Photo
Solid Maximum concept art 🧙‍♀️🌙🌕 Solid: The Curse of Radu! OUT NOW! . 👇 https://www.amazon.com/dp/B07HBY8SMG . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram https://www.instagram.com/p/Bp500LeBsWk/?utm_source=ig_tumblr_share&igshid=zow5jmpojabr
elijahsimonart · 6 years
Photo
Some really cool Solid fan art by my good friend @thatcartoonist 🙌 Thanks again bro! https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram https://www.instagram.com/p/BmuL-8WhFZQ/?utm_source=ig_tumblr_share&igshid=1jvjsqcihw3gp
elijahsimonart · 6 years
Photo
🧙‍♀️🌙🌕 "Lady what is wrong with my skin?”. . . . . . . Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram https://www.instagram.com/p/BmwBYi4hKxP/?utm_source=ig_tumblr_share&igshid=1dvy185lmklvp
elijahsimonart · 6 years
Photo
@obiwan_brunobi came with some fan art of Young Robin Hood!😏 Really made my day with this. 🙏 Thanks bro! . . . . See Solid and Chups in action!! Digital version $2.99 Physical copy $9.99 🙏✔ . . . Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram
elijahsimonart · 6 years
Video
See Solid and Chups in action!! Digital version $2.99 Physical copy $9.99 🙏✔ . . Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram
elijahsimonart · 6 years
Photo
🧙‍♀️🌙🌕 "I've caused harm to many people." . . . . See Solid and Chups in action!! Digital version $2.99 Physical copy $9.99 🙏✔ . . . Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram
elijahsimonart · 6 years
Video
45 Minutes turned into 45 seconds ☑ ☑ This was from the YouTube Live Stream. . . . See Solid and Chups in action!! Digital version $2.99 Physical copy $9.99 🙏✔ . . . Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram
elijahsimonart · 6 years
Photo
Colored sketch from Today's Live Stream. Solid has Persephone's Dagger! . . . . See Solid and Chups in action!! Digital version $2.99 Physical copy $9.99 🙏✔ Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDtense #ENDtenseJET #ArtistOnInstagram
elijahsimonart · 5 years
Photo
2 years ago, I released my 1st solo book, SOLID: The Hunt For Omega. I look back on it and remember it as a 120 page learning experience. This is the project that has taught me the most. Don’t worry, I won’t get too sappy and start ranting lol... If you wanna’ download it or read it digitally, you can check it out for FREE on my website. ✔️ See ya soon! 🤙🏾 👑 . . www.ElijahSimonArt.com . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #create #OriginalCharacter #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ENDtenseJET #ArtistOnInstagram #ElijahSimonArt #ENDtense https://www.instagram.com/p/B07IvCABNiN/?igshid=om4d9mglc3ee
0 notes
elijahsimonart · 7 years
Photo
See Solid and Chups in action!! Digital version $2.99 Physical copy $9.99 🙏✔ Solid: The Hunt For Omega https://www.amazon.com/dp/1548120030 . . . . . . #SolidProject #SolidOmega #Solid #Art #Anime #Manga #MangaArt #Animation #InstaArt #InstaArtist #ElijahSimon #intense #create #IntenseStudios #Comic #book #Comics #ComicBook #Original #Sketch #Cartoon #character #draw #ink #Indie #IndieComic #IndieGame #ElijahSimonArt #ENDTense #ArtistOnInstagram