Skip to content

fix: use optional SOLID_RESOURCE_URL for authenticated fetch example #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jeswr merged 3 commits into from
Feb 21, 2026
Merged

fix: use optional SOLID_RESOURCE_URL for authenticated fetch example #16

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b2928e2
Initial plan
Copilot Feb 21, 2026
81c610d
fix: add optional SOLID_RESOURCE_URL env var for the resource to fetch
Copilot Feb 21, 2026
0ceb69e
Apply suggestions from code review
jeswr Feb 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions docs/guides/authenticating_with_a_script.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ import { Session } from '@inrupt/solid-client-authn-node';
const CLIENT_ID = process.env.SOLID_CLIENT_ID;
const CLIENT_SECRET = process.env.SOLID_CLIENT_SECRET;
const OIDC_ISSUER = process.env.SOLID_OIDC_ISSUER; // Your authorization server URL (sometimes called IdP, sometimes same as your Solid server URL)
const RESOURCE_URL = process.env.SOLID_RESOURCE_URL; // URL of the protected resource to fetch (optional)
Copy link

Copilot AI Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment says this is a "protected resource" URL, but the code explicitly falls back to fetching the WebID profile document (which is often public). Consider updating the inline comment to reflect the actual behavior (e.g., optional resource URL that defaults to the WebID profile) so the example isn’t self-contradictory.

Suggested change
const RESOURCE_URL = process.env.SOLID_RESOURCE_URL; // URL of the protected resource to fetch (optional)
const RESOURCE_URL = process.env.SOLID_RESOURCE_URL; // Optional resource URL to fetch; defaults to your WebID profile if not set

Copilot uses AI. Check for mistakes.

async function main() {
// Create a new session and log in
Expand All @@ -90,8 +91,9 @@ async function main() {

// session.fetch works just like the standard fetch API,
// but automatically includes authentication headers.
const response = await session.fetch(session.info.webId);
console.log(`GET ${session.info.webId} — ${response.status}`);
const resourceUrl = RESOURCE_URL ?? session.info.webId;
Copy link

Copilot AI Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using the nullish coalescing operator here means an empty-string SOLID_RESOURCE_URL (e.g., set but blank in a .env) will be treated as a valid URL and passed to fetch, which will throw. If the intent is “use env var when it’s a non-empty string”, prefer a check that also treats '' as unset (e.g., using || or trimming/validating before selecting the URL).

Suggested change
const resourceUrl = RESOURCE_URL ?? session.info.webId;
const resourceUrl =
RESOURCE_URL && RESOURCE_URL.trim()
? RESOURCE_URL
: session.info.webId;

Copilot uses AI. Check for mistakes.
const response = await session.fetch(resourceUrl);
console.log(`GET ${resourceUrl} — ${response.status}`);
console.log(await response.text());

// Always log out when done
Expand All @@ -102,14 +104,15 @@ async function main() {
main().catch(console.error);
```

Run the script, passing your credentials and authorization server URL (sometimes same as Solid server URL) as environment variables.
Run the script, passing your credentials, authorization server URL (sometimes same as Solid server URL), and optionally the URL of the protected resource you want to fetch as environment variables.

On **Linux / macOS** (Bash):

```bash
SOLID_CLIENT_ID="your-client-id" \
SOLID_CLIENT_SECRET="your-client-secret" \
SOLID_OIDC_ISSUER="http://localhost:3000" \
SOLID_RESOURCE_URL="http://localhost:3000/your-pod/private-resource" \
node index.js
```

Expand All @@ -119,12 +122,13 @@ On **Windows** (PowerShell):
$env:SOLID_CLIENT_ID="your-client-id"
$env:SOLID_CLIENT_SECRET="your-client-secret"
$env:SOLID_OIDC_ISSUER="http://localhost:3000"
$env:SOLID_RESOURCE_URL="http://localhost:3000/your-pod/private-resource"
node index.js
```

Replace `http://localhost:3000` with the URL of your Solid server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`).
Replace `http://localhost:3000` with the URL of your authorization server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`), and set `SOLID_RESOURCE_URL` to the URL of the private resource you want to access. If `SOLID_RESOURCE_URL` is omitted, the script falls back to fetching your WebID profile document.
Copy link

Copilot AI Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This instruction suggests replacing http://localhost:3000 with the authorization server URL, but the example now uses the same placeholder host for both SOLID_OIDC_ISSUER (auth server) and SOLID_RESOURCE_URL (resource/POD server). For many setups (e.g., Inrupt), these are different hosts; consider rewording to explicitly say “set SOLID_OIDC_ISSUER to your authorization server” and “set SOLID_RESOURCE_URL to the resource URL on your Pod/server”, rather than a single replacement step.

Suggested change
Replace `http://localhost:3000` with the URL of your authorization server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`), and set `SOLID_RESOURCE_URL` to the URL of the private resource you want to access. If `SOLID_RESOURCE_URL` is omitted, the script falls back to fetching your WebID profile document.
Set `SOLID_OIDC_ISSUER` to the URL of your authorization server (for example, `https://solidcommunity.net` or `https://login.inrupt.com`), and set `SOLID_RESOURCE_URL` to the URL of the private resource you want to access on your Pod/server. If `SOLID_RESOURCE_URL` is omitted, the script falls back to fetching your WebID profile document.

Copilot uses AI. Check for mistakes.

You should see your profile document printed to the console.
You should see the contents of the resource printed to the console.

## Tips

Expand Down