Some comments on score annotation and <SelectableScore> about music-scholars-annotator HOT 4 OPEN

Also: I've just been trying to use the app to authenticate using the inrupt.com enterprise server - it doesn't seem to respond to the "go" button whenI enter my own POD URI (as opposed to using one of the buttons below).

from music-scholars-annotator.

Re the authentication issue: it appears that the solid-auth-client popup is incompatible with the Inrupt enterprise server. There is a note in solid-auth-client saying "⚠️ New projects should use solid-client-authn or solid-auth-fetcher instead, which leverage the secure DPoP authentication mechanism from the current Solid specification, as implemented by all the various Solid server implementations."

What I'm seeing is this:

auth-popup.html:23 GET https://pod.inrupt.com/.well-known/openid-configuration 401

auth-popup.html:28 Error logging in with WebID-OIDC

auth-popup.html:28 Error: Error fetching openid configuration: 401 
    at auth-popup.html:23
    at async http:/localhost:8080/auth-popup.html:28
    at async Se (auth-popup.html:28)
    at async Object.<anonymous> (auth-popup.html:28)

The failure seems to be that the client code expects to be able to retrieve /.well-known/openid-configuration, which apparently isn't supported by the Inrupt enterprise server. It's possible that this is because .well-known is defined only for the root of a web domain, and Inrupt places user pods in their own subpath (e.g. /gklyne/ in my case). But that's just a guess. My public profile is at https://pod.inrupt.com/gklyne/profile/card#me .

from music-scholars-annotator.

Hi @gklyne, thanks for the detailed review!

Here are some rough responses, happy to continue discussing them in this ticket or in some others

there appears to be no selection type for whole piece (e.g. no fragment): I would have thought being able to attach annotations to the whole piece is a fairly common requirement?

Very valid argument, it should be added! We can open a new ticket for this

In annotationItem.js, about line 600, code does a crude attempt at URI resolution.

Agreed, let's open a new ticket

[notes about abstraction, documentation, and separation of concerns]

These are all valid points. This tool grew rather ... organically, and there are definitely some parts which do things that they shouldn't. There are a few moving parts here that we want to improve:

• I've been working on the annotation tools, which is going to give us a single place for an annotations data model, as well as api methods to read and write annotations
• Wtih @musicog we have a few ideas about how we might want to change SelectableScore - given that we have the above annotations library we can probably move some things out of this library and into the annotations one. Regarding documentation, we could add a bit more to the readme of this app to say which major dependencies we use
• Depending on budget constraints, your comments about refactoring to separate concerns is definitely something that we should improve. I think with the above annotation library, and a better knowledge about how annotation tasks are performed in general (especially taking into account other tools that we developed during trompa), we should be able to split this up in a way that makes it easier to understand, and easier to reuse react components in other projects as well.

It's possible that this is because .well-known is defined only for the root of a web domain, and Inrupt places user pods in their own subpath (e.g. /gklyne/ in my case).

I don't think this is the case. From the webid-oidc spec: "This is always located at the OP's host followed by /.well-known/openid-configuration"
It's possible that this spec has changed since I last read it, and the other auth projects that you mentioned do this discovery differently

It's interesting to see that the inrupt pod uses subpaths! When I spoke with @musicog about this a few years ago I was surprised that the sample node-solid-server didn't support this. The developers were very against this type of user path for some reason. Great to see that someone has done it.

There is a note in solid-auth-client saying "⚠️ New projects should use solid-client-authn or solid-auth-fetcher instead"

It's a shame that there seems to be such a habit here to make one piece of software and then throw it away and make another one. We've seen this happen in a few places in trompa. I promise that solid-auth-client was the recommended tool to use when we first started the project... Perhaps it's not too difficult to perform an upgrade to one of these.

Thanks for the notes!

from music-scholars-annotator.

from music-scholars-annotator.