doctor
Diagnostics for Solid pods and the decentralized-web stack.
LWS / CID v1 profile shape
Enter a WebID URL. The checker fetches it as application/ld+json and validates against the
W3C Controlled Identifiers v1.0
profile expected by
LWS 1.0 auth.
Results
Raw profile JSON
Add a Nostr verification method
Read your Nostr public key from a NIP-07
signer (e.g. xlogin) and produce the
verificationMethod JSON to add to your profile. Encoding follows
did:nostr's Multikey recipe.
No keys are sent anywhere — this is a pure client-side computation.
- Nostr pubkey (hex)
- publicKeyMultibase
Patch to apply
Add these triples to your . Field
id uses the #nostr-key-1 fragment by convention — pick another
if it collides.
For end-to-end auth without copy/paste, see "Strict LWS10-CID auth setup" below — it signs you in, writes the VM, and tests authentication for you.
Strict LWS10-CID auth setup
Sign in to your pod, paste a secp256k1 private key as 64 hex chars (the raw
32-byte key behind your Nostr nsec1… bech32 — same key,
different signature scheme), and the doctor adds a
JsonWebKey verificationMethod to your profile (read-modify-write over
authenticated GET + PUT) and signs a real
LWS10-CID
JWT to authenticate. The private key never leaves your browser.
1. Add an ES256K verificationMethod
Paste your secp256k1 private key as 64 hex chars (the raw 32-byte
key, not a bech32 nsec1…). Same key used for Nostr signing — only
the signature scheme differs (ECDSA here vs Schnorr for Nostr events). The key
is held in memory for this tab only; it is never persisted.
Implementation: authenticated GET → merge VM → PUT (with
If-Match when the server provides an ETag). True
PATCH isn't used because JSS's JSON-LD ↔ Turtle conneg
layer has known edge cases on patch round-trips.
2. Sign a test JWT and authenticate
Builds an LWS10-CID JWT signed with your privkey, hits your pod
with Authorization: Bearer <jwt>, and reports the verifier's
response.