Inrupt takes the security of our software products and services seriously. This includes all source code repositories managed through our GitHub organization.
If you believe you have found a security vulnerability in any Inrupt-owned repository, please report it to us as described below.
These libraries help developers create Solid applications. The libraries are composed of different modules with different features.
- Some modules help with reading and writing data in Solid servers. Data should always be considered sensitive and be processed with care and with regard to access restrictions and personal information.
- Some modules help with authentication. Authentication is a sensitive domain, and as such we designed these libraries with particular attention to security. In particular, we decided to apply the following rules:
  - Comply with the OAuth security guidelines. This involves, among other things:
    - No support for the implicit grant and the resource owner password grant;
    - The use of a PKCE token;
    - Binding tokens to a DPoP key to make them sender-constrained whenever possible.
Please do not report security vulnerabilities through public GitHub issues.
Instead, if you discover a vulnerability in our code, or experience a bug related to security, please report it following the instructions provided on Inrupt’s security page.
We prefer all communications to be in English.