should the profile announce the oidcIssuer?

[michielbdejong]

See https://github.com/solid/webid-oidc-spec/pull/27/files#diff-61c52fb85033efbef0b9097849fce597R78

That's not in https://github.com/solid/node-solid-server/blob/master/default-templates/new-account/profile/card%24.ttl

[jaxoncreed]

So right now there are two ways that the profile can announce the oidc issuer. The first is the one linked above, and that works well for WebIDs that are not on Solid servers. The other way (which is the way it works on NSS) is to provide the issuer in the Link header.

Though I do agree that maybe this should be brought into question. The Link header isn't very transparent and maybe all profiles should just include the issuer including the ones hosted on a Solid server.

[elf-pavlik]

We have marked Link header discover as at risk: https://github.com/solid/webid-oidc-spec#issuer-discovery-from-link-header

I recall that some things also check /.well-known/openid-configuration, see nodeSolidServer/oidc-auth-manager#36

AFAIK discovery from WebID Profile still stays broken in solid-auth-client nodeSolidServer/solid-auth-client#107

[jaxoncreed]

Should a pull request be made to remove the link header discover? I agree that it's not as good as just putting it in your profile document.