Authentication

JSS supports multiple authentication methods.

Simple Tokens (Development)

Token returned from pod creation:

curl -H "Authorization: Bearer YOUR_TOKEN" http://localhost:3000/alice/private/

Solid-OIDC

Built-in Identity Provider

jss start --idp

Create a user:

curl -X POST http://localhost:3000/.pods \
  -H "Content-Type: application/json" \
  -d '{"name": "alice", "email": "alice@example.com", "password": "secret123"}'

OIDC Discovery: /.well-known/openid-configuration

External Identity Providers

JSS accepts DPoP-bound tokens from any Solid IdP:

curl -H "Authorization: DPoP ACCESS_TOKEN" \
     -H "DPoP: DPOP_PROOF" \
     http://localhost:3000/alice/private/

Nostr Authentication (NIP-98)

Sign requests with Nostr keys. Install the credential helper for git:

npm install -g git-credential-nostr
git-credential-nostr generate
git config --global credential.helper nostr
git config --global nostr.privkey <key>

See git-credential-nostr for details.

End-to-end encryption

The same secp256k1 keypair used by did:nostr also provides the ECDH primitive for NIP-44 / NIP-04 content encryption — clients can encrypt before PUT and decrypt after GET with no server-side changes. See End-to-End Encryption.

Simple Tokens (Development)​

Solid-OIDC​

Built-in Identity Provider​

External Identity Providers​

Nostr Authentication (NIP-98)​

End-to-end encryption​