By default, CSS includes the app authorisation mechanism (OIDC consent dialog) that #38 aims to fix.
The presence of this module allows any website in the world to request access to a user's pod, and if the user clicks 'Authorize', this website gets full read-write access to all the user's data.
However, one could also probably configure CSS without this dialog, thus removing the need for both #38 and #64.
One could then use a custom mechanism to hand out OIDC tokens to only a hand-picked list of clients, and this would make the server a lot safer (although, of course, less versatile) to use.
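As an added illustration of the "hand-picked list of clients" idea in the comment above (this is not Community Solid Server code, and `ALLOWED_CLIENTS`, `checkAuthorizationRequest` and the example hosts are all hypothetical): a deny-by-default gate that an authorization endpoint would run before showing any consent dialog or issuing a token. Only registered `client_id` values pass, and each must present a `redirect_uri` that exactly matches one registered for it after URL normalisation, so a request from an arbitrary website is refused rather than left to the user's click.

```javascript
// Added example, not part of the original issue or of Community Solid Server.
// All names and hosts below are hypothetical; the allowlist is constructed.

// Registered client_id values mapped to the exact redirect_uris each may use.
// Anything not listed here is refused outright.
const ALLOWED_CLIENTS = new Map([
  ['https://trusted-app.example/id',
    { redirectUris: ['https://trusted-app.example/callback'] }],
  ['https://ops-dashboard.example/id',
    { redirectUris: ['https://ops-dashboard.example/oauth/cb'] }],
]);

// Compare two URIs after parsing: this normalises scheme/host case and
// resolves dot segments, and then demands full string equality. A prefix or
// origin-only comparison would let an open redirect on a registered host
// be used to catch the authorization code.
function sameUri(a, b) {
  try {
    return new URL(a).href === new URL(b).href;
  } catch {
    return false; // unparsable input never matches
  }
}

// Gate for an incoming OIDC authorization request (query parameters as an
// object). Returns { ok: true, ... } only for a registered client using one
// of its registered redirect URIs with the authorization code flow.
function checkAuthorizationRequest(params, allowlist = ALLOWED_CLIENTS) {
  const clientId = params.client_id;
  const redirectUri = params.redirect_uri;
  const responseType = params.response_type;

  if (!clientId || !allowlist.has(clientId)) {
    // Unknown client: refuse before any consent screen is rendered.
    return { ok: false, error: 'unauthorized_client' };
  }
  const client = allowlist.get(clientId);
  if (!redirectUri || !client.redirectUris.some((u) => sameUri(u, redirectUri))) {
    // Do not redirect to an unregistered URI, even for a known client.
    return { ok: false, error: 'invalid_request', detail: 'redirect_uri not registered' };
  }
  if (responseType !== 'code') {
    return { ok: false, error: 'unsupported_response_type' };
  }
  return { ok: true, clientId, redirectUri: new URL(redirectUri).href };
}
```

The gate is deliberately independent of whatever the user does on a consent page: a client that is not on the list never reaches that page, which is the property the comment is after. Registering clients by exact `redirect_uri` rather than by host is what prevents a registered-but-compromised site from redirecting the code elsewhere.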