feat: Full rework of account management

Complete rewrite of the account management and related systems.
Makes the architecture more modular,
allowing for easier extensions and configurations.

.componentsignore

@@ -11,6 +11,7 @@
   "ChangeMap",
   "CredentialSet",
   "Dict",
+  "EmptyObject",
   "Error",
   "EventEmitter",
   "FetchDocumentLoader",
@@ -21,6 +22,7 @@
   "IndexTypeCollection",
   "IdentifierMap",
   "IdentifierSetMultiMap",
+  "interactionPolicy.DefaultPolicy",
   "NodeJS.Dict",
   "NotificationChannelType",
   "PermissionMap",

RELEASE_NOTES.md

@@ -5,13 +5,26 @@
 ### New features
 
 - The minimum supported Node version is now v18.
+- Account management and everything related to it have been drastically changed,
+  see the [usage documentation](https://communitysolidserver.github.io/CommunitySolidServer/7.x/usage/identity-provider/)
+  for an overview of the new features,
+  and the [architecture documentation](http://communitysolidserver.github.io/CommunitySolidServer/7.x/architecture/features/accounts/overview/)
+  for an overview of the new structure.
+  Creating an account now requires multiple steps, but allows you to have multiple pods or WebIDs for 1 account.
+  The architecture has been updated to be more easily extensible.
+- Pod seeding has been updated to account for the new account management, with an update CLI parameter `--seedConfig`,
+  see the [updated documentation](https://communitysolidserver.github.io/CommunitySolidServer/7.x/usage/seeding-pods/)
+  for more details.
+- Due to the changes in account management, setup has been removed completely.
+  The `*-no-setup.json` configurations have been renamed to `*-root.json` to indicate their focus on the root container.
 - The `StaticAssetHandler` can now be used to link static pages to containers.
   This can be used to set a static page for the root container of a server.
   See the `/config/app/init/static-root.json` config for an example.
 
 ### Data migration
 
-No actions are required to migrate data.
+Old account data will need to be migrated as described in the
+[documentation](https://communitysolidserver.github.io/CommunitySolidServer/7.x/usage/account/migration/).
 
 ### Configuration changes
 
@@ -23,16 +36,21 @@ The `@context` needs to be updated to
 The following changes pertain to the imports in the default configs:
 
 - There is a new `static-root.json` import option for `app/init`, setting a static page for the root container.
+- There is a new set of imports `identity/interaction` to determine the IDP features.
+- There is a new set of imports `storage/location` to determine where the root storage of the server is located.
+- The `app/setup`and `identity/registration` imports have been removed.
 
 The following changes are relevant for v6 custom configs that replaced certain features.
 
+- All configurations that had a reference to setup have been updated.
 - `/app/init/*` imports have changed. Functionality remained the same though.
 - All imports that define storages have been updated with new storage classes.
     - `/http/notifications/base/storage.json`
-    - `/identity/*`
     - `/storage/keyvalue/storages/storages.json`
 - All identifiers containing the string "WebHook" have been renamed to instead use "Webhook"
   to be consistent with the notification type.
+- `/identity/*` configurations have drastically changed due to the account management update.
+- `/http/static/default.json` has been updated to allow easier overriding of the static resources.
 
 ### Interface changes
 
@@ -45,6 +63,10 @@ These changes are relevant if you wrote custom modules for the server that depen
   `HashEncodingPathStorage` has similarly been replaced by introducing `HashEncodingStorage`.
 - All classes with the name `WebHook*` have been renamed to `Webhook*`
   to be consistent with the corresponding notification type.
+- Most classes related to the IDP have been changed.
+- All classes related to setup have been removed.
+- The `StaticAssetHandler` has bene updated to support the new functionality.
+- `SeededPodInitializer` has been renamed to `SeededAccountInitializer`.
 
 ## v6.1.0
 

config/app/README.md

@@ -8,8 +8,9 @@ Contains a list of initializer that need to be run when starting the server.
 
 * *default*: The default setup. The ParallelHandler can be used to add custom Initializers.
 * *initialize-root*: Makes sure the root container has the necessary resources to function properly.
-                     This is only relevant if setup is disabled but root container access is still required.
-* *initialize-prefilled-root*: Similar to `initialize-root` but adds some introductory resources to the root container.
+* *initialize-prefilled-root*: Similar to `initialize-root` but adds an index page to the root container.
+* *initialize-intro*: Similar to `initialize-prefilled-root` but adds an index page
+                      specific to the memory-based server of the default configuration.
 * *static-root*: Shows a static introduction page at the server root. This is not a Solid resource.
 
 ## Main

config/app/init/base/init.json

@@ -4,7 +4,7 @@
     "css:config/app/init/initializers/base-url.json",
     "css:config/app/init/initializers/logger.json",
     "css:config/app/init/initializers/server.json",
-    "css:config/app/init/initializers/seeded-pod.json",
+    "css:config/app/init/initializers/seeding.json",
     "css:config/app/init/initializers/version.json",
     "css:config/app/init/initializers/workers.json"
   ],
@@ -33,7 +33,7 @@
           { "@id": "urn:solid-server:default:CleanupInitializer"},
           { "@id": "urn:solid-server:default:BaseUrlVerifier" },
           { "@id": "urn:solid-server:default:PrimaryParallelInitializer" },
-          { "@id": "urn:solid-server:default:SeededPodInitializer" },
+          { "@id": "urn:solid-server:default:SeededAccountInitializer" },
           { "@id": "urn:solid-server:default:ModuleVersionVerifier" },
           { "@id": "urn:solid-server:default:WorkerManager" }
         ]

config/app/init/initialize-intro.json

@@ -0,0 +1,22 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/app/init/default.json",
+    "css:config/app/init/initializers/root.json"
+  ],
+  "@graph": [
+    {
+      "comment": "Initializes the root container resource.",
+      "@id": "urn:solid-server:default:PrimaryParallelInitializer",
+      "@type": "ParallelHandler",
+      "handlers": [
+        { "@id": "urn:solid-server:default:RootInitializer" }
+      ]
+    },
+    {
+      "@id": "urn:solid-server:default:RootFolderGenerator",
+      "@type": "StaticFolderGenerator",
+      "templateFolder": "@css:templates/root/intro"
+    }
+  ]
+}

config/app/init/initializers/seeded-pod.json

@@ -1,23 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Separate manager from the RegistrationHandler in case registration is disabled.",
-      "@id": "urn:solid-server:default:SeededPodRegistrationManager",
-      "@type": "RegistrationManager",
-      "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
-      "args_webIdSuffix": "/profile/card#me",
-      "args_identifierGenerator": { "@id": "urn:solid-server:default:IdentifierGenerator" },
-      "args_ownershipValidator": { "@id": "urn:solid-server:auth:password:OwnershipValidator" },
-      "args_accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-      "args_podManager": { "@id": "urn:solid-server:default:PodManager" }
-    },
-    {
-      "comment": "Initializer that instantiates all the seeded accounts and pods.",
-      "@id": "urn:solid-server:default:SeededPodInitializer",
-      "@type": "SeededPodInitializer",
-      "registrationManager": { "@id": "urn:solid-server:default:SeededPodRegistrationManager" },
-      "configFilePath": { "@id": "urn:solid-server:default:variable:seededPodConfigJson" }
-    }
-  ]
-}

config/app/init/initializers/seeding.json

@@ -0,0 +1,14 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Initializer that instantiates all the seeded accounts and pods.",
+      "@id": "urn:solid-server:default:SeededAccountInitializer",
+      "@type": "SeededAccountInitializer",
+      "accountHandler": { "@id": "urn:solid-server:default:CreateAccountHandler" },
+      "passwordHandler": { "@id": "urn:solid-server:default:CreatePasswordHandler" },
+      "podHandler": { "@id": "urn:solid-server:default:CreatePodHandler" },
+      "configFilePath": { "@id": "urn:solid-server:default:variable:seedConfig" }
+    }
+  ]
+}

config/app/variables/cli/cli.json

@@ -105,11 +105,11 @@
         },
         {
           "@type": "YargsParameter",
-          "name": "seededPodConfigJson",
+          "name": "seedConfig",
           "options": {
             "requiresArg": true,
             "type": "string",
-            "describe": "Path to the file that will be used to seed pods."
+            "describe": "Path to the file that will be used to seed accounts and pods."
           }
         },
         {

config/app/variables/resolver/resolver.json

@@ -68,10 +68,10 @@
           }
         },
         {
-          "CombinedShorthandResolver:_resolvers_key": "urn:solid-server:default:variable:seededPodConfigJson",
+          "CombinedShorthandResolver:_resolvers_key": "urn:solid-server:default:variable:seedConfig",
           "CombinedShorthandResolver:_resolvers_value": {
             "@type": "AssetPathExtractor",
-            "key": "seededPodConfigJson"
+            "key": "seedConfig"
           }
         },
         {

config/default.json

@@ -2,7 +2,7 @@
   "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
   "import": [
     "css:config/app/main/default.json",
-    "css:config/app/init/initialize-prefilled-root.json",
+    "css:config/app/init/initialize-intro.json",
     "css:config/app/variables/default.json",
     "css:config/http/handler/default.json",
     "css:config/http/middleware/default.json",
@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/dynamic.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/dynamic.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/example-https-file.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/file-acp.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/acp.json",
     "css:config/ldp/handler/default.json",

config/file-root.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/no-accounts.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/disabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/file.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/http/notifications/base/description.json

@@ -21,7 +21,10 @@
       "comment": "The root URL of all Notification subscription routes.",
       "@id": "urn:solid-server:default:NotificationRoute",
       "@type": "RelativePathInteractionRoute",
-      "base": { "@id": "urn:solid-server:default:variable:baseUrl" },
+      "base": {
+        "@type": "AbsolutePathInteractionRoute",
+        "path": { "@id": "urn:solid-server:default:variable:baseUrl" }
+      },
       "relativePath": "/.notifications/"
     }
   ]

config/http/notifications/webhooks/routes.json

@@ -11,7 +11,8 @@
       "@id": "urn:solid-server:default:WebhookWebIdRoute",
       "@type": "RelativePathInteractionRoute",
       "base": { "@id": "urn:solid-server:default:WebhookRoute" },
-      "relativePath": "/webId"
+      "relativePath": "/webId",
+      "ensureSlash": false
     },
 
     {

config/https-file-cli.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/identity/README.md

@@ -27,8 +27,15 @@ Necessary for sending e-mail when using IDP.
 
 Contains everything needed for setting up the Identity Provider.
 
-* *default*: As of writing there is not much customization possible.
-  This contains everything needed.
+* *default*: Contains all the core components of the IDP.
+
+## Interaction
+
+Everything related to the JSON API and its routing.
+
+* *default*: Everything enabled.
+* *no-accounts*: Disables the creation of new accounts.
+* *no-pods*: Disables the creation of new pods.
 
 ## Ownership
 
@@ -44,10 +51,3 @@ What to use for pod creation.
 * *dynamic*: Every created pod has its own Components.js config for its ResourceStore,
   which can differ from the others.
 * *static*: All pod data is stored in separate containers in the same ResourceStore.
-
-## Registration
-
-If users should be able to register on the server.
-
-* *enabled*: Enables registration.
-* *disabled*: Disables registration.

config/identity/access/initializers/idp.json

@@ -11,7 +11,7 @@
       "source": {
         "@type": "ContainerInitializer",
         "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
-        "args_path": "/idp/",
+        "args_path": "/.account/",
         "args_store": { "@id": "urn:solid-server:default:ResourceStore" },
         "args_generator": {
           "@type": "StaticFolderGenerator",

config/identity/email/default.json

@@ -4,7 +4,8 @@
     {
       "comment": "The default configuration does not contain credentials for an email client. In production systems, you likely want to set up your own.",
       "@id": "urn:solid-server:default:EmailSender",
-      "@type": "UnsupportedAsyncHandler"
+      "@type": "UnsupportedAsyncHandler",
+      "errorMessage": "No email server is configured."
     }
   ]
 }

config/identity/handler/account-store/default.json

@@ -1,35 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "The storage adapter that persists usernames, passwords, etc.",
-      "@id": "urn:solid-server:auth:password:AccountStore",
-      "@type": "BaseAccountStore",
-      "saltRounds": 10,
-      "storage": {
-        "@type": "Base64EncodingStorage",
-        "source": {
-          "@type": "ContainerPathStorage",
-          "relativePath": "/accounts/",
-          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
-        }
-      },
-      "forgotPasswordStorage": {
-        "@id": "urn:solid-server:default:ExpiringForgotPasswordStorage"
-      }
-    },
-    {
-      "comment": "Stores expiring data. This class has a `finalize` function that needs to be called after stopping the server.",
-      "@id": "urn:solid-server:default:ExpiringForgotPasswordStorage",
-      "@type": "WrappedExpiringStorage",
-      "source": {
-        "@type": "Base64EncodingStorage",
-        "source": {
-          "@type": "ContainerPathStorage",
-          "relativePath": "/forgot-password/",
-          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
-        }
-      }
-    }
-  ]
-}

config/identity/handler/adapter-factory/webid.json

@@ -5,10 +5,11 @@
       "comment": "An adapter is responsible for storing all interaction metadata.",
       "@id": "urn:solid-server:default:IdpAdapterFactory",
       "@type": "ClientCredentialsAdapterFactory",
-      "storage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" },
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+      "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" },
       "source": {
         "@type": "WebIdAdapterFactory",
-        "converter": {"@id": "urn:solid-server:default:RepresentationConverter" },
+        "converter": { "@id": "urn:solid-server:default:RepresentationConverter" },
         "source": {
           "@type": "ExpiringAdapterFactory",
           "storage": {

config/identity/handler/default.json

@@ -1,46 +1,46 @@
 {
   "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
   "import": [
-    "css:config/identity/handler/account-store/default.json",
     "css:config/identity/handler/adapter-factory/webid.json",
-    "css:config/identity/handler/interaction/routes.json",
     "css:config/identity/handler/jwks/default.json",
-    "css:config/identity/handler/provider-factory/identity.json"
+    "css:config/identity/handler/provider-factory/identity.json",
+    "css:config/identity/handler/storage/default.json",
+    "css:config/identity/handler/storage/password.json"
   ],
   "@graph": [
     {
       "comment": "Routes all IDP related requests to the relevant handlers.",
       "@id": "urn:solid-server:default:IdentityProviderHandler",
       "@type": "RouterHandler",
-      "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
-      "args_targetExtractor": { "@id": "urn:solid-server:default:TargetExtractor" },
-      "args_allowedPathNames": [ "^/idp/.*" ],
-      "args_handler": { "@id": "urn:solid-server:default:IdentityProviderParsingHandler" }
+      "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
+      "targetExtractor": { "@id": "urn:solid-server:default:TargetExtractor" },
+      "allowedPathNames": [ "^/.account/.*" ],
+      "handler": { "@id": "urn:solid-server:default:IdentityProviderParsingHandler" }
     },
     {
       "comment": "Handles IDP input parsing.",
       "@id": "urn:solid-server:default:IdentityProviderParsingHandler",
       "@type": "ParsingHttpHandler",
-      "args_requestParser": { "@id": "urn:solid-server:default:RequestParser" },
-      "args_errorHandler": { "@id": "urn:solid-server:default:ErrorHandler" },
-      "args_responseWriter": { "@id": "urn:solid-server:default:ResponseWriter" },
-      "args_operationHandler": {
+      "requestParser": { "@id": "urn:solid-server:default:RequestParser" },
+      "errorHandler": { "@id": "urn:solid-server:default:ErrorHandler" },
+      "responseWriter": { "@id": "urn:solid-server:default:ResponseWriter" },
+      "operationHandler": {
         "comment": "Handles IDP input authorization. Permission reader should be set to allow all if no authorization is needed.",
         "@type": "AuthorizingHttpHandler",
         "@id": "urn:solid-server:default:IdentityProviderAuthorizingHandler",
-        "args_credentialsExtractor": { "@id": "urn:solid-server:default:CredentialsExtractor" },
-        "args_modesExtractor": { "@id": "urn:solid-server:default:ModesExtractor" },
-        "args_authorizer": { "@id": "urn:solid-server:default:Authorizer" },
-        "args_operationHandler": { "@id": "urn:solid-server:default:IdentityProviderHttpHandler" }
+        "credentialsExtractor": { "@id": "urn:solid-server:default:CredentialsExtractor" },
+        "modesExtractor": { "@id": "urn:solid-server:default:ModesExtractor" },
+        "authorizer": { "@id": "urn:solid-server:default:Authorizer" },
+        "operationHandler": { "@id": "urn:solid-server:default:IdentityProviderHttpHandler" }
       }
     },
     {
       "comment": "Handles IDP handler behaviour.",
       "@id": "urn:solid-server:default:IdentityProviderHttpHandler",
       "@type": "IdentityProviderHttpHandler",
-      "args_providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" },
-      "args_converter": { "@id": "urn:solid-server:default:RepresentationConverter" },
-      "args_handler": { "@id": "urn:solid-server:default:InteractionHandler" }
+      "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" },
+      "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
+      "handler": { "@id": "urn:solid-server:default:InteractionHandler" }
     }
   ]
 }

config/identity/handler/interaction/routes.json

@@ -1,52 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "import": [
-    "css:config/identity/handler/interaction/routes/consent.json",
-    "css:config/identity/handler/interaction/routes/credentials.json",
-    "css:config/identity/handler/interaction/routes/forgot-password.json",
-    "css:config/identity/handler/interaction/routes/index.json",
-    "css:config/identity/handler/interaction/routes/login.json",
-    "css:config/identity/handler/interaction/routes/prompt.json",
-    "css:config/identity/handler/interaction/routes/reset-password.json",
-    "css:config/identity/handler/interaction/views/controls.json",
-    "css:config/identity/handler/interaction/views/html.json"
-  ],
-  "@graph": [
-    {
-      "@id": "urn:solid-server:default:InteractionHandler",
-      "@type": "WaterfallHandler",
-      "handlers": [
-        {
-          "comment": "Returns the relevant HTML pages for the interactions when needed",
-          "@id": "urn:solid-server:auth:password:HtmlViewHandler"
-        },
-        {
-          "comment": "Adds controls and API version to JSON responses.",
-          "@id": "urn:solid-server:auth:password:ControlHandler",
-          "@type": "ControlHandler",
-          "source" : { "@id": "urn:solid-server:auth:password:LocationInteractionHandler" }
-        }
-      ]
-    },
-    {
-      "comment": "Converts 3xx redirects to 200 JSON responses for consumption by browser scripts.",
-      "@id": "urn:solid-server:auth:password:LocationInteractionHandler",
-      "@type": "LocationInteractionHandler",
-      "source" : { "@id": "urn:solid-server:auth:password:InteractionRouteHandler" }
-    },
-    {
-      "comment": "Handles every interaction based on their route.",
-      "@id": "urn:solid-server:auth:password:InteractionRouteHandler",
-      "@type": "WaterfallHandler",
-      "handlers": [
-        { "@id": "urn:solid-server:auth:password:IndexRouteHandler" },
-        { "@id": "urn:solid-server:auth:password:PromptRouteHandler" },
-        { "@id": "urn:solid-server:auth:password:LoginRouteHandler" },
-        { "@id": "urn:solid-server:auth:password:ConsentRouteHandler" },
-        { "@id": "urn:solid-server:auth:password:ForgotPasswordRouteHandler" },
-        { "@id": "urn:solid-server:auth:password:ResetPasswordRouteHandler" },
-        { "@id": "urn:solid-server:auth:password:CredentialsRouteHandler" }
-      ]
-    }
-  ]
-}

config/identity/handler/interaction/routes/consent.json

@@ -1,21 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Handles the interaction that occurs when a logged in user wants to authenticate with a new app.",
-      "@id": "urn:solid-server:auth:password:ConsentRouteHandler",
-      "@type":"InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:ConsentRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/consent/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:ConsentHandler",
-        "@type": "ConsentHandler",
-        "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
-      }
-    }
-  ]
-}

config/identity/handler/interaction/routes/credentials.json

@@ -1,53 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Stores all client credential tokens.",
-      "@id": "urn:solid-server:auth:password:CredentialsStorage",
-      "@type": "Base64EncodingStorage",
-      "source": {
-        "@type": "ContainerPathStorage",
-        "relativePath": "/accounts/credentials/",
-        "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
-      }
-    },
-    {
-      "comment": "Handles credential tokens. These can be used to automate clients. See documentation for more info.",
-      "@id": "urn:solid-server:auth:password:CredentialsRouteHandler",
-      "@type":"InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:CredentialsRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/credentials/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:CredentialsHandler",
-        "@type": "EmailPasswordAuthorizer",
-        "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-        "source": {
-          "@type": "WaterfallHandler",
-          "handlers": [
-            {
-              "@type": "CreateCredentialsHandler",
-              "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-              "credentialStorage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" }
-            },
-            {
-              "@type": "DeleteCredentialsHandler",
-              "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-              "credentialStorage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" }
-            },
-            {
-              "@type": "ListCredentialsHandler",
-              "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" }
-            }
-          ]
-        }
-      }
-    },
-    {
-
-    }
-  ]
-}

config/identity/handler/interaction/routes/forgot-password.json

@@ -1,28 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Handles the forgot password interaction",
-      "@id": "urn:solid-server:auth:password:ForgotPasswordRouteHandler",
-      "@type":"InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:ForgotPasswordRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/forgotpassword/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:ForgotPasswordHandler",
-        "@type": "ForgotPasswordHandler",
-        "args_accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-        "args_templateEngine": {
-          "@type": "StaticTemplateEngine",
-          "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
-          "template": "@css:templates/identity/email-password/reset-password-email.html.ejs"
-        },
-        "args_emailSender": { "@id": "urn:solid-server:default:EmailSender" },
-        "args_resetRoute": { "@id": "urn:solid-server:auth:password:ResetPasswordRoute" }
-      }
-    }
-  ]
-}

config/identity/handler/interaction/routes/index.json

@@ -1,21 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Root API entry. Returns an empty body so we can add controls pointing to other interaction routes.",
-      "@id": "urn:solid-server:auth:password:IndexRouteHandler",
-      "@type": "InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:IndexRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:default:variable:baseUrl" },
-        "relativePath": "/idp/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:IndexHandler",
-        "@type": "FixedInteractionHandler",
-        "response": {}
-      }
-    }
-  ]
-}

config/identity/handler/interaction/routes/login.json

@@ -1,21 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Handles the login interaction",
-      "@id": "urn:solid-server:auth:password:LoginRouteHandler",
-      "@type": "InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:LoginRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/login/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:LoginHandler",
-        "@type": "LoginHandler",
-        "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" }
-      }
-    }
-  ]
-}

config/identity/handler/interaction/routes/prompt.json

@@ -1,30 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Handles OIDC redirects containing a prompt, such as login or consent.",
-      "@id": "urn:solid-server:auth:password:PromptRouteHandler",
-      "@type": "InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:PromptRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/prompt/"
-      },
-      "source": {
-        "@type": "PromptHandler",
-        "@id": "urn:solid-server:auth:password:PromptHandler",
-        "promptRoutes": [
-          {
-            "PromptHandler:_promptRoutes_key": "login",
-            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:auth:password:LoginRoute" }
-          },
-          {
-            "PromptHandler:_promptRoutes_key": "consent",
-            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:auth:password:ConsentRoute" }
-          }
-        ]
-      }
-    }
-  ]
-}

config/identity/handler/interaction/routes/reset-password.json

@@ -1,21 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Handles the reset password interaction",
-      "@id": "urn:solid-server:auth:password:ResetPasswordRouteHandler",
-      "@type": "InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:ResetPasswordRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/resetpassword/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:ResetPasswordHandler",
-        "@type": "ResetPasswordHandler",
-        "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" }
-      }
-    }
-  ]
-}

config/identity/handler/interaction/views/controls.json

@@ -1,31 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "@id": "urn:solid-server:auth:password:ControlHandler",
-      "@type": "ControlHandler",
-      "controls": [
-        {
-          "ControlHandler:_controls_key": "index",
-          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:IndexRoute" }
-        },
-        {
-          "ControlHandler:_controls_key": "prompt",
-          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:PromptRoute" }
-        },
-        {
-          "ControlHandler:_controls_key": "login",
-          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:LoginRoute" }
-        },
-        {
-          "ControlHandler:_controls_key": "forgotPassword",
-          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:ForgotPasswordRoute" }
-        },
-        {
-          "ControlHandler:_controls_key": "credentials",
-          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:CredentialsRoute" }
-        }
-      ]
-    }
-  ]
-}

config/identity/handler/interaction/views/html.json

@@ -1,45 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "@id": "urn:solid-server:auth:password:HtmlViewHandler",
-      "@type": "HtmlViewHandler",
-      "index": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-      "templateEngine": {
-        "comment": "Renders the specific page and embeds it into the main HTML body.",
-        "@type": "ChainedTemplateEngine",
-        "renderedName": "htmlBody",
-        "engines": [
-          {
-            "comment": "Will be called with specific templates to generate HTML snippets.",
-            "@id": "urn:solid-server:default:TemplateEngine"
-          },
-          {
-            "comment": "Will embed the result of the first engine into the main HTML template.",
-            "@type": "StaticTemplateEngine",
-            "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
-            "template": "@css:templates/main.html.ejs"
-          }
-        ]
-      },
-      "templates": [
-        {
-          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/login.html.ejs",
-          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:LoginRoute" }
-        },
-        {
-          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/consent.html.ejs",
-          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:ConsentRoute" }
-        },
-        {
-          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/forgot-password.html.ejs",
-          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:ForgotPasswordRoute" }
-        },
-        {
-          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/reset-password.html.ejs",
-          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:ResetPasswordRoute" }
-        }
-      ]
-    }
-  ]
-}

config/identity/handler/provider-factory/identity.json

@@ -5,16 +5,28 @@
       "comment":  "Sets all the relevant Solid-OIDC parameters.",
       "@id": "urn:solid-server:default:IdentityProviderFactory",
       "@type": "IdentityProviderFactory",
+      "promptFactory": {
+        "@id": "urn:solid-server:default:PromptFactory",
+        "@type": "SequenceHandler",
+        "handlers": [
+          {
+            "@type": "AccountPromptFactory",
+            "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+            "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
+            "cookieName": { "@id": "urn:solid-server:default:value:accountCookieName" }
+          }
+        ]
+      },
       "adapterFactory": { "@id": "urn:solid-server:default:IdpAdapterFactory" },
       "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
       "oidcPath": "/.oidc",
-      "interactionHandler": { "@id": "urn:solid-server:auth:password:PromptHandler" },
-      "credentialStorage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" },
+      "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" },
       "storage": { "@id": "urn:solid-server:default:KeyStorage" },
       "jwkGenerator": { "@id": "urn:solid-server:default:JwkGenerator" },
       "showStackTrace": { "@id": "urn:solid-server:default:variable:showStackTrace" },
       "errorHandler": { "@id": "urn:solid-server:default:ErrorHandler" },
       "responseWriter": { "@id": "urn:solid-server:default:ResponseWriter" },
+      "interactionRoute": { "@id": "urn:solid-server:default:IndexRoute" },
       "config": {
         "claims": {
           "openid": [ "azp" ],

config/identity/handler/storage/default.json

@@ -0,0 +1,78 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "@id": "urn:solid-server:default:AccountStore",
+      "@type": "BaseAccountStore",
+      "storage": {
+        "@id": "urn:solid-server:default:AccountStorage",
+        "@type": "WrappedExpiringStorage",
+        "source": {
+          "@type": "Base64EncodingStorage",
+          "source": {
+            "@type": "ContainerPathStorage",
+            "relativePath": "/accounts/data/",
+            "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
+          }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:WebIdStore",
+      "@type": "BaseWebIdStore",
+      "webIdRoute": { "@id": "urn:solid-server:default:AccountWebIdLinkRoute" },
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+      "storage": {
+        "@id": "urn:solid-server:default:WebIdStorage",
+        "@type": "Base64EncodingStorage",
+        "source": {
+          "@type": "ContainerPathStorage",
+          "relativePath": "/accounts/webIds/",
+          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:CookieStore",
+      "@type": "BaseCookieStore",
+      "storage": {
+        "@id": "urn:solid-server:default:CookieStorage",
+        "@type": "WrappedExpiringStorage",
+        "source": {
+          "@type": "Base64EncodingStorage",
+          "source": {
+            "@type": "ContainerPathStorage",
+            "relativePath": "/accounts/cookies/",
+            "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
+          }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:PodStore",
+      "@type": "BasePodStore",
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+      "podRoute": { "@id": "urn:solid-server:default:AccountPodIdRoute" },
+      "manager": { "@id": "urn:solid-server:default:PodManager" }
+    },
+
+    {
+      "@id": "urn:solid-server:default:ClientCredentialsStore",
+      "@type": "BaseClientCredentialsStore",
+      "clientCredentialsRoute": { "@id": "urn:solid-server:default:AccountClientCredentialsIdRoute" },
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+      "storage": {
+        "@id": "urn:solid-server:default:ClientCredentialsStorage",
+        "@type": "Base64EncodingStorage",
+        "source": {
+          "@type": "ContainerPathStorage",
+          "relativePath": "/accounts/client-credentials/",
+          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
+        }
+      }
+    }
+  ]
+}

config/identity/handler/storage/password.json

@@ -0,0 +1,35 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "@id": "urn:solid-server:default:PasswordStore",
+      "@type": "BasePasswordStore",
+      "storage": {
+        "@id": "urn:solid-server:default:PasswordStorage",
+        "@type": "Base64EncodingStorage",
+        "source": {
+          "@type": "ContainerPathStorage",
+          "relativePath": "/accounts/logins/password/",
+          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:ForgotPasswordStore",
+      "@type": "BaseForgotPasswordStore",
+      "storage": {
+        "@id": "urn:solid-server:default:ForgotPasswordStorage",
+        "@type": "WrappedExpiringStorage",
+        "source": {
+          "@type": "Base64EncodingStorage",
+          "source": {
+            "@type": "ContainerPathStorage",
+            "relativePath": "/accounts/logins/password/forgot/",
+            "source": {  "@id": "urn:solid-server:default:KeyValueStorage" }
+          }
+        }
+      }
+    }
+  ]
+}

config/identity/interaction/default.json

@@ -0,0 +1,16 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/default.json",
+    "css:config/identity/interaction/enable/account.json",
+    "css:config/identity/interaction/enable/client-credentials.json",
+    "css:config/identity/interaction/enable/password.json",
+    "css:config/identity/interaction/enable/pod.json",
+    "css:config/identity/interaction/enable/webid.json"
+  ],
+  "@graph": [
+    {
+      "comment": "Enables all account-related features."
+    }
+  ]
+}

config/identity/interaction/enable/account.json

@@ -0,0 +1,56 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Enable account creation."
+    },
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:AccountControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "create",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountRoute" }
+      }]
+    },
+
+    {
+      "comment": "The parts below are specific for password logins, but will not cause issues should password logins be disabled."
+    },
+    {
+      "comment": "Route only used for an HTML page (and its corresponding controls).",
+      "@id": "urn:solid-server:default:RegisterPasswordRoute",
+      "@type": "RelativePathInteractionRoute",
+      "base": { "@id": "urn:solid-server:default:LoginPasswordRoute" },
+      "relativePath": "register/"
+    },
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [
+        {
+          "@id": "urn:solid-server:default:RegisterPasswordAccountHtml",
+          "@type": "HtmlViewEntry",
+          "filePath": "@css:templates/identity/password/register.html.ejs",
+          "route": { "@id": "urn:solid-server:default:RegisterPasswordRoute" }
+        }
+      ]
+    },
+    {
+      "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "register",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:RegisterPasswordRoute" }
+        }
+      ]
+    }
+  ]
+}
+

config/identity/interaction/enable/client-credentials.json

@@ -0,0 +1,43 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Enable client credentials creation."
+    },
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountClientCredentialsRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:AccountControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "clientCredentials",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:CreateClientCredentialsHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/account/create-client-credentials.html.ejs",
+        "route": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
+      }]
+    },
+    {
+      "ControlHandler:_controls_value": {
+        "@id": "urn:solid-server:default:AccountHtmlControlHandler",
+        "@type": "ControlHandler",
+        "controls": [{
+          "ControlHandler:_controls_key": "createClientCredentials",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
+        }]
+      }
+    }
+  ]
+}

config/identity/interaction/enable/password.json

@@ -0,0 +1,52 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Enable creating email/password combinations as a login mechanism."
+    },
+    {
+      "@id": "urn:solid-server:default:ControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "password",
+          "ControlHandler:_controls_value": {
+            "comment": "All controls associated with the password login method.",
+            "@id": "urn:solid-server:default:PasswordControlHandler",
+            "@type": "ControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    },
+
+    {
+      "comment": "Adds a link to the login page of this auth method to the list that contains all options",
+      "@id": "urn:solid-server:default:LoginHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "Email/password combination",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
+        }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "password",
+          "ControlHandler:_controls_value": {
+            "comment": "Contains the controls linking to all HTML pages related to password authentication.",
+            "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
+            "@type": "ControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    }
+  ]
+}
+

config/identity/interaction/enable/pod.json

@@ -0,0 +1,44 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Enable pod creation."
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [
+        { "@id": "urn:solid-server:default:AccountPodRouter" }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:AccountControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "pod",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPodRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:CreatePodHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/account/create-pod.html.ejs",
+        "route": { "@id": "urn:solid-server:default:AccountPodRoute" }
+      }]
+    },
+    {
+      "@id": "urn:solid-server:default:AccountHtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "createPod",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPodRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/enable/webid.json

@@ -0,0 +1,44 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Enable linking WebIDs to an account."
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [
+        { "@id": "urn:solid-server:default:AccountWebIdRouter" }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:AccountControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "webId",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:LinkWebIdHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/account/link-webid.html.ejs",
+        "route": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+      }]
+    },
+    {
+      "@id": "urn:solid-server:default:AccountHtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "linkWebId",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/no-accounts.json

@@ -0,0 +1,15 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/default.json",
+    "css:config/identity/interaction/enable/client-credentials.json",
+    "css:config/identity/interaction/enable/password.json",
+    "css:config/identity/interaction/enable/pod.json",
+    "css:config/identity/interaction/enable/webid.json"
+  ],
+  "@graph": [
+    {
+      "comment": "Disables account creation."
+    }
+  ]
+}

config/identity/interaction/no-pods.json

@@ -0,0 +1,15 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/default.json",
+    "css:config/identity/interaction/enable/account.json",
+    "css:config/identity/interaction/enable/client-credentials.json",
+    "css:config/identity/interaction/enable/password.json",
+    "css:config/identity/interaction/enable/webid.json"
+  ],
+  "@graph": [
+    {
+      "comment": "Disabled pod creation."
+    }
+  ]
+}

config/identity/interaction/routing/account/create.json

@@ -0,0 +1,37 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the account creation",
+      "@id": "urn:solid-server:default:AccountRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:IndexRoute" },
+        "relativePath": "account/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:CreateAccountHandler",
+          "@type": "CreateAccountHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
+          "accountRoute": { "@id": "urn:solid-server:default:AccountIdRoute" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:AccountHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/account/account.html.ejs",
+        "route": { "@id": "urn:solid-server:default:AccountRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/account/login.json

@@ -0,0 +1,14 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Base account login route that specific login implementations can extend.",
+      "@id": "urn:solid-server:default:AccountLoginRoute",
+      "@type": "RelativePathInteractionRoute",
+      "base": {
+        "@id": "urn:solid-server:default:AccountIdRoute"
+      },
+      "relativePath": "login/"
+    }
+  ]
+}

config/identity/interaction/routing/account/logout.json

@@ -0,0 +1,40 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles logging a user out.",
+      "@id": "urn:solid-server:default:AccountLogoutRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountLogoutRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
+        "relativePath": "logout/"
+      },
+      "source": {
+        "@type": "MethodFilterHandler",
+        "methods": [ "POST" ],
+        "source": {
+          "@id": "urn:solid-server:default:LogoutHandler",
+          "@type": "LogoutHandler",
+          "cookieStore": { "@id": "urn:solid-server:default:CookieStore" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountLogoutRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:AccountControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "logout",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountLogoutRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/account/main.json

@@ -0,0 +1,42 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/account/create.json",
+    "css:config/identity/interaction/routing/account/login.json",
+    "css:config/identity/interaction/routing/account/logout.json",
+    "css:config/identity/interaction/routing/account/resource.json"
+  ],
+  "@graph": [
+    {
+      "@id": "urn:solid-server:default:ControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "account",
+          "ControlHandler:_controls_value": {
+            "comment": "All controls related to account management.",
+            "@id": "urn:solid-server:default:AccountControlHandler",
+            "@type": "ControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "account",
+          "ControlHandler:_controls_value": {
+            "comment": "Controls linking to account-related HTML pages.",
+            "@id": "urn:solid-server:default:AccountHtmlControlHandler",
+            "@type": "ControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/account/resource.json

@@ -0,0 +1,60 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the account details.",
+      "@id": "urn:solid-server:default:AccountIdRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountIdRoute",
+        "@type": "BaseAccountIdRoute",
+        "base": { "@id": "urn:solid-server:default:AccountRoute" }
+      },
+      "source": {
+        "@id": "urn:solid-server:default:AccountResourceHandler",
+        "@type": "MethodFilterHandler",
+        "methods": [ "GET" ],
+        "source": {
+          "@type": "AccountDetailsHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountIdRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:AccountControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "account",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountIdRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:AccountIdHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/account/resource.html.ejs",
+        "route": { "@id": "urn:solid-server:default:AccountIdRoute" }
+      }]
+    },
+    {
+      "@id": "urn:solid-server:default:AccountHtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "account",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountIdRoute" }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/client-credentials/create.json

@@ -0,0 +1,25 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles credential tokens. These can be used to automate clients. See documentation for more info.",
+      "@id": "urn:solid-server:default:AccountClientCredentialsRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountClientCredentialsRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
+        "relativePath": "client-credentials/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:CreateClientCredentialsHandler",
+          "@type": "CreateClientCredentialsHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" }
+        }
+      }
+    }
+  ]
+}

config/identity/interaction/routing/client-credentials/resource.json

@@ -0,0 +1,45 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the client credentials link details such as deletion.",
+      "@id": "urn:solid-server:default:AccountClientCredentialsIdRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountClientCredentialsIdRoute",
+        "@type": "BaseClientCredentialsIdRoute",
+        "base": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
+      },
+      "source": {
+        "@id": "urn:solid-server:default:ClientCredentialsResourceHandler",
+        "@type": "WaterfallHandler",
+        "handlers": [
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "GET" ],
+            "source": {
+              "@type": "ClientCredentialsDetailsHandler",
+              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+              "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" }
+            }
+          },
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "DELETE" ],
+            "source": {
+              "@type": "DeleteClientCredentialsHandler",
+              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+              "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" }
+            }
+          }
+        ]
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountClientCredentialsIdRouter" }]
+    }
+  ]
+}

config/identity/interaction/routing/core/index.json

@@ -0,0 +1,49 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Root API entry. Returns an empty body so we can add controls pointing to other interaction routes.",
+      "@id": "urn:solid-server:default:IndexRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:IndexRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": {
+          "@type": "AbsolutePathInteractionRoute",
+          "path": { "@id": "urn:solid-server:default:variable:baseUrl" }
+        },
+        "relativePath": ".account/"
+      },
+      "source": {
+        "@type": "StaticInteractionHandler",
+        "response": {}
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:IndexRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:MainControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "index",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:IndexRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:IndexHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/index.html.ejs",
+        "route": { "@id": "urn:solid-server:default:IndexRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/core/login.json

@@ -0,0 +1,72 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Returns the links of the HTML pages that can be used to log in with specific methods.",
+      "@id": "urn:solid-server:default:LoginRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:LoginRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:IndexRoute" },
+        "relativePath": "login/"
+      },
+      "source": {
+        "@type": "MethodFilterHandler",
+        "methods": [ "GET" ],
+        "source": {
+          "@type": "ControlHandler",
+          "controls": [
+            {
+              "ControlHandler:_controls_key": "logins",
+              "ControlHandler:_controls_value": {
+                "comment": "New login methods should add a link to their HTML login page here. This list can be used when multiple login methods exist to make a choice.",
+                "@id": "urn:solid-server:default:LoginHandler",
+                "@type": "ControlHandler",
+                "controls": []
+              }
+            }
+          ]
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:LoginRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:MainControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "logins",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginRoute" }
+        }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:LoginHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/login.html.ejs",
+        "route": { "@id": "urn:solid-server:default:LoginRoute" }
+      }]
+    },
+    {
+      "@id": "urn:solid-server:default:MainHtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "login",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginRoute" }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/core/main.json

@@ -0,0 +1,38 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/core/index.json",
+    "css:config/identity/interaction/routing/core/login.json"
+  ],
+  "@graph": [
+    {
+      "@id": "urn:solid-server:default:ControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "main",
+          "ControlHandler:_controls_value": {
+            "comment": "Contains all general controls.",
+            "@id": "urn:solid-server:default:MainControlHandler",
+            "@type": "ControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "main",
+        "ControlHandler:_controls_value": {
+          "comment": "Controls all general HTML page controls.",
+          "@id": "urn:solid-server:default:MainHtmlControlHandler",
+          "@type": "ControlHandler",
+          "controls": []
+        }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/default.json

@@ -0,0 +1,85 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/account/main.json",
+    "css:config/identity/interaction/routing/client-credentials/create.json",
+    "css:config/identity/interaction/routing/client-credentials/resource.json",
+    "css:config/identity/interaction/routing/core/main.json",
+    "css:config/identity/interaction/routing/oidc/main.json",
+    "css:config/identity/interaction/routing/password/main.json",
+    "css:config/identity/interaction/routing/pod/create.json",
+    "css:config/identity/interaction/routing/pod/resource.json",
+    "css:config/identity/interaction/routing/webid/link.json",
+    "css:config/identity/interaction/routing/webid/resource.json",
+
+    "css:config/identity/interaction/routing/views/html.json"
+  ],
+  "@graph": [
+    {
+      "@id": "urn:solid-server:default:InteractionHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [
+        {
+          "comment": "Returns the relevant HTML pages for the interactions when needed.",
+          "@id": "urn:solid-server:default:HtmlViewHandler"
+        },
+        {
+          "comment": "Ensures locks on authenticated requests.",
+          "@id": "urn:solid-server:default:LockingInteractionHandler",
+          "@type": "LockingInteractionHandler",
+          "locker": { "@id": "urn:solid-server:default:ResourceLocker" },
+          "accountRoute": { "@id": "urn:solid-server:default:AccountIdRoute" },
+          "source": { "@id": "urn:solid-server:default:JsonConversionHandler" }
+        }
+      ]
+    },
+    {
+      "comment": "Convert incoming requests to JSON operations.",
+      "@id": "urn:solid-server:default:JsonConversionHandler",
+      "@type": "JsonConversionHandler",
+      "source": { "@id": "urn:solid-server:default:VersionHandler" },
+      "converter": { "@id": "urn:solid-server:default:RepresentationConverter" }
+    },
+    {
+      "comment": "Adds the API version to the JSON response.",
+      "@id": "urn:solid-server:default:VersionHandler",
+      "@type": "VersionHandler",
+      "source" : { "@id": "urn:solid-server:default:CookieInteractionHandler" }
+    },
+    {
+      "comment": "Updates the cookie values as necessary.",
+      "@id": "urn:solid-server:default:CookieInteractionHandler",
+      "@type": "CookieInteractionHandler",
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+      "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
+      "source": { "@id": "urn:solid-server:default:RootControlHandler" }
+    },
+    {
+      "comment": "Adds controls to the JSON response.",
+      "@id": "urn:solid-server:default:RootControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "controls",
+        "ControlHandler:_controls_value": {
+          "comment": "The main controls object. All other controls should be added to this one.",
+          "@id": "urn:solid-server:default:ControlHandler",
+          "@type": "ControlHandler",
+          "controls": []
+        }
+      }],
+      "source" : { "@id": "urn:solid-server:default:LocationInteractionHandler" }
+    },
+    {
+      "comment": "Converts 3xx redirects to 200 JSON responses for consumption by browser scripts.",
+      "@id": "urn:solid-server:default:LocationInteractionHandler",
+      "@type": "LocationInteractionHandler",
+      "source" : { "@id": "urn:solid-server:default:InteractionRouteHandler" }
+    },
+    {
+      "comment": "Contains all JsonInteractionHandlers that can potentially handle the input request.",
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": []
+    }
+  ]
+}

config/identity/interaction/routing/oidc/cancel.json

@@ -0,0 +1,44 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Allows users to cancel an OIDC interaction, bringing them back to the original client.",
+      "@id": "urn:solid-server:default:OidcCancelRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:OidcCancelRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:OidcRoute" },
+        "relativePath": "cancel/"
+      },
+      "source": {
+        "@id": "urn:solid-server:default:CancelOidcHandler",
+        "@type": "WaterfallHandler",
+        "handlers": [
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "POST" ],
+            "source": { "@type": "CancelOidcHandler" }
+          }
+        ]
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:OidcCancelRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:OidcControlHandler",
+      "@type": "OidcControlHandler",
+      "controls": [
+        {
+          "OidcControlHandler:_controls_key": "cancel",
+          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcCancelRoute" }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/oidc/consent.json

@@ -0,0 +1,66 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the interaction that occurs when a logged in user wants to authenticate with a new app.",
+      "@id": "urn:solid-server:default:OidcConsentRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:OidcConsentRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:OidcRoute" },
+        "relativePath": "consent/"
+      },
+      "source": {
+        "@id": "urn:solid-server:default:ConsentHandler",
+        "@type": "WaterfallHandler",
+        "handlers": [
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "GET" ],
+            "source": {
+              "@type": "ClientInfoHandler",
+              "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
+            }
+          },
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "POST" ],
+            "source": {
+              "@type": "ConsentHandler",
+              "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
+            }
+          }
+        ]
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:OidcConsentRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:OidcControlHandler",
+      "@type": "OidcControlHandler",
+      "controls": [
+        {
+          "OidcControlHandler:_controls_key": "consent",
+          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcConsentRoute" }
+        }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:OidcConsentHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/oidc/consent.html.ejs",
+        "route": { "@id": "urn:solid-server:default:OidcConsentRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/oidc/forget-webid.json

@@ -0,0 +1,47 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Allows the picked WebID to be forgotten in an OIDC interaction so the user can pick again.",
+      "@id": "urn:solid-server:default:OidcForgetWebIdRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:OidcForgetWebIDRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:OidcRoute" },
+        "relativePath": "forget-webid/"
+      },
+      "source": {
+        "@id": "urn:solid-server:default:ForgetWebIdHandler",
+        "@type": "WaterfallHandler",
+        "handlers": [
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "POST" ],
+            "source": {
+              "@type": "ForgetWebIdHandler",
+              "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
+            }
+          }
+        ]
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:OidcForgetWebIdRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:OidcControlHandler",
+      "@type": "OidcControlHandler",
+      "controls": [
+        {
+          "OidcControlHandler:_controls_key": "forgetWebId",
+          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcForgetWebIDRoute" }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/oidc/main.json

@@ -0,0 +1,35 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/oidc/cancel.json",
+    "css:config/identity/interaction/routing/oidc/consent.json",
+    "css:config/identity/interaction/routing/oidc/forget-webid.json",
+    "css:config/identity/interaction/routing/oidc/prompt.json",
+    "css:config/identity/interaction/routing/oidc/pick-webid.json"
+  ],
+  "@graph": [
+    {
+      "comment": "Main OIDC route others can extend.",
+      "@id": "urn:solid-server:default:OidcRoute",
+      "@type": "RelativePathInteractionRoute",
+      "base": { "@id": "urn:solid-server:default:IndexRoute" },
+      "relativePath": "oidc/"
+    },
+
+    {
+      "@id": "urn:solid-server:default:ControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "oidc",
+          "ControlHandler:_controls_value": {
+            "comment": "Contains all OIDC controls.",
+            "@id": "urn:solid-server:default:OidcControlHandler",
+            "@type": "OidcControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/oidc/pick-webid.json

@@ -0,0 +1,44 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles picking a WebID during an OIDC interaction.",
+      "@id": "urn:solid-server:default:OidcPickWebIdRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:OidcPickWebIdRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:OidcRoute" },
+        "relativePath": "pick-webid/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@type": "PickWebIdHandler",
+          "@id": "urn:solid-server:default:PickWebIdHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [
+        { "@id": "urn:solid-server:default:OidcPickWebIdRouter" }
+      ]
+    },
+
+    {
+      "@id": "urn:solid-server:default:OidcControlHandler",
+      "@type": "OidcControlHandler",
+      "controls": [
+        {
+          "OidcControlHandler:_controls_key": "webId",
+          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcPickWebIdRoute" }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/oidc/prompt.json

@@ -0,0 +1,51 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the interaction that occurs when a logged in user wants to authenticate with a new app.",
+      "@id": "urn:solid-server:default:OidcPromptRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:OidcPromptRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:OidcRoute" },
+        "relativePath": "prompt/"
+      },
+      "source": {
+        "@id": "urn:solid-server:default:PromptHandler",
+        "@type": "PromptHandler",
+        "promptRoutes": [
+          {
+            "PromptHandler:_promptRoutes_key": "account",
+            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:default:LoginRoute" }
+          },
+          {
+            "PromptHandler:_promptRoutes_key": "login",
+            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:default:OidcConsentRoute" }
+          },
+          {
+            "PromptHandler:_promptRoutes_key": "consent",
+            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:default:OidcConsentRoute" }
+          }
+        ]
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:OidcPromptRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:OidcControlHandler",
+      "@type": "OidcControlHandler",
+      "controls": [
+        {
+          "OidcControlHandler:_controls_key": "prompt",
+          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcPromptRoute" }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/password/create.json

@@ -0,0 +1,62 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Allows adding the email/password login method to an account",
+      "@id": "urn:solid-server:default:AccountPasswordRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountPasswordRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:AccountLoginRoute" },
+        "relativePath": "password/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:CreatePasswordHandler",
+          "@type": "CreatePasswordHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
+          "passwordRoute": { "@id": "urn:solid-server:default:AccountPasswordIdRoute" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountPasswordRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:PasswordControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+          "ControlHandler:_controls_key": "create",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+          "@id": "urn:solid-server:default:CreatePasswordHtml",
+          "@type": "HtmlViewEntry",
+          "filePath": "@css:templates/identity/password/create.html.ejs",
+          "route": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
+      }]
+    },
+    {
+      "ControlHandler:_controls_value": {
+        "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
+        "@type": "ControlHandler",
+        "controls": [{
+          "ControlHandler:_controls_key": "create",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
+        }]
+      }
+    }
+  ]
+}

config/identity/interaction/routing/password/forgot.json

@@ -0,0 +1,68 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the forgot password interaction.",
+      "@id": "urn:solid-server:default:ForgotPasswordRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:ForgotPasswordRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:LoginPasswordRoute" },
+        "relativePath": "forgot/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:ForgotPasswordHandler",
+          "@type": "ForgotPasswordHandler",
+          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
+          "forgotPasswordStore": { "@id": "urn:solid-server:default:ForgotPasswordStore" },
+          "templateEngine": {
+            "@type": "StaticTemplateEngine",
+            "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
+            "template": "@css:templates/identity/password/reset-email.html.ejs"
+          },
+          "emailSender": { "@id": "urn:solid-server:default:EmailSender" },
+          "resetRoute": { "@id": "urn:solid-server:default:ResetPasswordRoute" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:ForgotPasswordRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:PasswordControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "forgot",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:ForgotPasswordRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:ForgotPasswordHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/password/forgot.html.ejs",
+        "route": { "@id": "urn:solid-server:default:ForgotPasswordRoute" }
+      }]
+    },
+    {
+      "ControlHandler:_controls_value": {
+        "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
+        "@type": "ControlHandler",
+        "controls": [{
+            "ControlHandler:_controls_key": "forgot",
+            "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:ForgotPasswordRoute" }
+        }]
+      }
+    }
+  ]
+}

config/identity/interaction/routing/password/login.json

@@ -0,0 +1,63 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the password login interaction.",
+      "@id": "urn:solid-server:default:LoginPasswordRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:LoginPasswordRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:LoginRoute" },
+        "relativePath": "password/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:PasswordLoginHandler",
+          "@type": "PasswordLoginHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
+          "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
+          "accountRoute": { "@id": "urn:solid-server:default:AccountIdRoute" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:LoginPasswordRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:PasswordControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "login",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:PasswordLoginHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/password/login.html.ejs",
+        "route": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
+      }]
+    },
+    {
+      "ControlHandler:_controls_value": {
+        "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
+        "@type": "ControlHandler",
+        "controls": [{
+          "ControlHandler:_controls_key": "login",
+          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
+        }]
+      }
+    }
+  ]
+}

config/identity/interaction/routing/password/main.json

@@ -0,0 +1,11 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "import": [
+    "css:config/identity/interaction/routing/password/create.json",
+    "css:config/identity/interaction/routing/password/forgot.json",
+    "css:config/identity/interaction/routing/password/login.json",
+    "css:config/identity/interaction/routing/password/reset.json",
+    "css:config/identity/interaction/routing/password/resource.json"
+  ],
+  "@graph": []
+}

config/identity/interaction/routing/password/reset.json

@@ -0,0 +1,51 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the reset password interaction.",
+      "@id": "urn:solid-server:default:ResetPasswordRouter",
+      "@type": "InteractionRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:ResetPasswordRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:LoginPasswordRoute" },
+        "relativePath": "reset/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:ResetPasswordHandler",
+          "@type": "ResetPasswordHandler",
+          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
+          "forgotPasswordStore": { "@id": "urn:solid-server:default:ForgotPasswordStore" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:ResetPasswordRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:PasswordControlHandler",
+      "@type": "ControlHandler",
+      "controls": [{
+        "ControlHandler:_controls_key": "reset",
+        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:ResetPasswordRoute" }
+      }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:ResetPasswordHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/password/reset.html.ejs",
+        "route": { "@id": "urn:solid-server:default:ResetPasswordRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/password/resource.json

@@ -0,0 +1,55 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the password link details such as update and delete.",
+      "@id": "urn:solid-server:default:AccountPasswordIdRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountPasswordIdRoute",
+        "@type": "BasePasswordIdRoute",
+        "base": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
+      },
+      "source": {
+        "@id": "urn:solid-server:default:PasswordResourceHandler",
+        "@type": "WaterfallHandler",
+        "handlers": [
+          {
+            "@type": "ViewInteractionHandler",
+            "source": {
+              "@type": "UpdatePasswordHandler",
+              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+              "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" }
+            }
+          },
+          {
+            "@type": "MethodFilterHandler",
+            "methods": [ "DELETE" ],
+            "source": {
+              "@type": "DeletePasswordHandler",
+              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+              "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" }
+            }
+          }
+        ]
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [{ "@id": "urn:solid-server:default:AccountPasswordIdRouter" }]
+    },
+
+    {
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "templates": [{
+        "@id": "urn:solid-server:default:UpdatePasswordHtml",
+        "@type": "HtmlViewEntry",
+        "filePath": "@css:templates/identity/password/update.html.ejs",
+        "route": { "@id": "urn:solid-server:default:AccountPasswordIdRoute" }
+      }]
+    }
+  ]
+}

config/identity/interaction/routing/pod/create.json

@@ -0,0 +1,30 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles pod creation.",
+      "@id": "urn:solid-server:default:AccountPodRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountPodRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
+        "relativePath": "pod/"
+      },
+      "source": {
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:CreatePodHandler",
+          "@type": "CreatePodHandler",
+          "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
+          "identifierGenerator": { "@id": "urn:solid-server:default:IdentifierGenerator" },
+          "relativeWebIdPath": "/profile/card#me",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
+          "podStore": { "@id": "urn:solid-server:default:PodStore" },
+          "allowRoot": false
+        }
+      }
+    }
+  ]
+}

config/identity/interaction/routing/pod/resource.json

@@ -0,0 +1,11 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "This route is only used when creating new pod resources as no further interactions are supported.",
+      "@id": "urn:solid-server:default:AccountPodIdRoute",
+      "@type": "BasePodIdRoute",
+      "base": { "@id": "urn:solid-server:default:AccountPodRoute" }
+    }
+  ]
+}

config/identity/interaction/routing/views/html.json

@@ -0,0 +1,45 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Returns HTML pages if the URL matches and HTML is preferred.",
+      "@id": "urn:solid-server:default:HtmlViewHandler",
+      "@type": "HtmlViewHandler",
+      "index": { "@id": "urn:solid-server:default:IndexRoute" },
+      "templateEngine": {
+        "comment": "Renders the specific page and embeds it into the main HTML body.",
+        "@type": "ChainedTemplateEngine",
+        "renderedName": "htmlBody",
+        "engines": [
+          {
+            "comment": "Will be called with specific templates to generate HTML snippets.",
+            "@id": "urn:solid-server:default:TemplateEngine"
+          },
+          {
+            "comment": "Will embed the result of the first engine into the main HTML template.",
+            "@type": "StaticTemplateEngine",
+            "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
+            "template": "@css:templates/main.html.ejs"
+          }
+        ]
+      },
+      "templates": []
+    },
+
+    {
+      "@id": "urn:solid-server:default:ControlHandler",
+      "@type": "ControlHandler",
+      "controls": [
+        {
+          "ControlHandler:_controls_key": "html",
+          "ControlHandler:_controls_value": {
+            "comment": "Controls linking to HTML pages. These can be the same URLs as the JSON APIs, but can also be different.",
+            "@id": "urn:solid-server:default:HtmlControlHandler",
+            "@type": "ControlHandler",
+            "controls": []
+          }
+        }
+      ]
+    }
+  ]
+}

config/identity/interaction/routing/webid/link.json

@@ -0,0 +1,29 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles linking a WebID to an account",
+      "@id": "urn:solid-server:default:AccountWebIdRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountWebIdRoute",
+        "@type": "RelativePathInteractionRoute",
+        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
+        "relativePath": "webid/"
+      },
+      "source": {
+        "@id": "urn:solid-server:default:WebIdHandler",
+        "@type": "ViewInteractionHandler",
+        "source": {
+          "@id": "urn:solid-server:default:LinkWebIdHandler",
+          "@type": "LinkWebIdHandler",
+          "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
+          "ownershipValidator": { "@id": "urn:solid-server:default:OwnershipValidator" },
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
+          "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
+        }
+      }
+    }
+  ]
+}

config/identity/interaction/routing/webid/resource.json

@@ -0,0 +1,33 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Handles the WebID link details such as deletion.",
+      "@id": "urn:solid-server:default:AccountWebIdLinkRouter",
+      "@type": "AuthorizedRouteHandler",
+      "route": {
+        "@id": "urn:solid-server:default:AccountWebIdLinkRoute",
+        "@type": "BaseWebIdLinkRoute",
+        "base": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+      },
+      "source": {
+        "@id": "urn:solid-server:default:WebIdLinkHandler",
+        "@type": "MethodFilterHandler",
+        "methods": [ "DELETE" ],
+        "source": {
+          "@type": "UnlinkWebIdHandler",
+          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+          "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" }
+        }
+      }
+    },
+
+    {
+      "@id": "urn:solid-server:default:InteractionRouteHandler",
+      "@type": "WaterfallHandler",
+      "handlers": [
+        { "@id": "urn:solid-server:default:AccountWebIdLinkRouter" }
+      ]
+    }
+  ]
+}

config/identity/ownership/token.json

@@ -3,7 +3,7 @@
   "@graph": [
     {
       "comment": "Determines WebID ownership by requesting a specific value to be added to the WebID document",
-      "@id": "urn:solid-server:auth:password:OwnershipValidator",
+      "@id": "urn:solid-server:default:OwnershipValidator",
       "@type": "TokenOwnershipValidator",
       "storage": { "@id": "urn:solid-server:default:ExpiringTokenStorage" }
     },

config/identity/ownership/unsafe-no-check.json

@@ -6,7 +6,7 @@
         "DO NOT USE IN PRODUCTION. ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
         "Do no verification to determine WebID ownership."
       ],
-      "@id": "urn:solid-server:auth:password:OwnershipValidator",
+      "@id": "urn:solid-server:default:OwnershipValidator",
       "@type": "NoCheckOwnershipValidator"
     }
   ]

config/identity/registration/disabled.json

@@ -1,8 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Disable registration by not attaching a registration handler."
-    }
-  ]
-}

config/identity/registration/enabled.json

@@ -1,35 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "import": [
-    "css:config/identity/registration/route/registration.json"
-  ],
-  "@graph": [
-    {
-      "@id": "urn:solid-server:auth:password:InteractionRouteHandler",
-      "@type": "WaterfallHandler",
-      "handlers": [
-        { "@id": "urn:solid-server:auth:password:RegistrationRouteHandler" }
-      ]
-    },
-    {
-      "@id": "urn:solid-server:auth:password:ControlHandler",
-      "@type": "ControlHandler",
-      "controls": [
-        {
-          "ControlHandler:_controls_key": "register",
-          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:RegistrationRoute" }
-        }
-      ]
-    },
-    {
-      "@id": "urn:solid-server:auth:password:HtmlViewHandler",
-      "@type": "HtmlViewHandler",
-      "templates": [
-        {
-          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/register.html.ejs",
-          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:RegistrationRoute" }
-        }
-      ]
-    }
-  ]
-}

config/identity/registration/route/registration.json

@@ -1,29 +0,0 @@
-{
-  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
-  "@graph": [
-    {
-      "comment": "Handles the register interaction",
-      "@id": "urn:solid-server:auth:password:RegistrationRouteHandler",
-      "@type": "InteractionRouteHandler",
-      "route": {
-        "@id": "urn:solid-server:auth:password:RegistrationRoute",
-        "@type": "RelativePathInteractionRoute",
-        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
-        "relativePath": "/register/"
-      },
-      "source": {
-        "@id": "urn:solid-server:auth:password:RegistrationHandler",
-        "@type": "RegistrationHandler",
-        "registrationManager": {
-          "@type": "RegistrationManager",
-          "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
-          "args_webIdSuffix": "/profile/card#me",
-          "args_identifierGenerator": { "@id": "urn:solid-server:default:IdentifierGenerator" },
-          "args_ownershipValidator": { "@id": "urn:solid-server:auth:password:OwnershipValidator" },
-          "args_accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
-          "args_podManager": { "@id": "urn:solid-server:default:PodManager" }
-        }
-      }
-    }
-  ]
-}

config/ldp/authorization/readers/ownership.json

@@ -5,7 +5,8 @@
       "comment": "Allows pod owners to always edit permissions on the data.",
       "@id": "urn:solid-server:default:OwnerPermissionReader",
       "@type": "OwnerPermissionReader",
-      "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
+      "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
       "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
     }
   ]

config/ldp/metadata-parser/default.json

@@ -1,7 +1,9 @@
 {
   "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
   "import": [
+    "css:config/ldp/metadata-parser/parsers/authorization.json",
     "css:config/ldp/metadata-parser/parsers/content-type.json",
+    "css:config/ldp/metadata-parser/parsers/cookie.json",
     "css:config/ldp/metadata-parser/parsers/link.json",
     "css:config/ldp/metadata-parser/parsers/plain-json-ld-filter.json",
     "css:config/ldp/metadata-parser/parsers/slug.json"
@@ -12,6 +14,8 @@
       "@id": "urn:solid-server:default:MetadataParser",
       "@type": "ParallelHandler",
       "handlers": [
+        { "@id": "urn:solid-server:default:AuthorizationParser" },
+        { "@id": "urn:solid-server:default:CookieParser" },
         { "@id": "urn:solid-server:default:ContentTypeParser" },
         { "@id": "urn:solid-server:default:LinkRelParser" },
         { "@id": "urn:solid-server:default:PlainJsonLdFilter" },

config/ldp/metadata-parser/parsers/authorization.json

@@ -0,0 +1,16 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Converts the authorization header into RDF metadata",
+      "@id": "urn:solid-server:default:AuthorizationParser",
+      "@type": "AuthorizationParser",
+      "authMap": [
+        {
+          "AuthorizationParser:_authMap_key": "CSS-Account-Cookie",
+          "AuthorizationParser:_authMap_value": "urn:npm:solid:community-server:http:accountCookie"
+        }
+      ]
+    }
+  ]
+}

config/ldp/metadata-parser/parsers/cookie.json

@@ -0,0 +1,21 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "The name of the cookie to identify being logged in with a CSS account.",
+      "@id": "urn:solid-server:default:value:accountCookieName",
+      "valueRaw": "css-account"
+    },
+    {
+      "comment": "Converts cookies into RDF metadata.",
+      "@id": "urn:solid-server:default:CookieParser",
+      "@type": "CookieParser",
+      "cookieMap": [
+        {
+          "CookieParser:_cookieMap_key": { "@id": "urn:solid-server:default:value:accountCookieName" },
+          "CookieParser:_cookieMap_value": "urn:npm:solid:community-server:http:accountCookie",
+        }
+      ]
+    }
+  ]
+}

config/ldp/metadata-writer/default.json

@@ -3,6 +3,7 @@
   "import": [
     "css:config/ldp/metadata-writer/writers/allow-accept.json",
     "css:config/ldp/metadata-writer/writers/content-type.json",
+    "css:config/ldp/metadata-writer/writers/cookie.json",
     "css:config/ldp/metadata-writer/writers/link-rel.json",
     "css:config/ldp/metadata-writer/writers/link-rel-metadata.json",
     "css:config/ldp/metadata-writer/writers/mapped.json",
@@ -21,6 +22,7 @@
         { "@id": "urn:solid-server:default:MetadataWriter_ContentType" },
         { "@id": "urn:solid-server:default:MetadataWriter_LinkRel" },
         { "@id": "urn:solid-server:default:MetadataWriter_LinkRelMetadata" },
+        { "@id": "urn:solid-server:default:MetadataWriter_Cookie" },
         { "@id": "urn:solid-server:default:MetadataWriter_Mapped" },
         { "@id": "urn:solid-server:default:MetadataWriter_Modified" },
         { "@id": "urn:solid-server:default:MetadataWriter_Range" },

config/ldp/metadata-writer/writers/cookie.json

@@ -0,0 +1,17 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
+  "@graph": [
+    {
+      "comment": "Converts all triples with the given predicates to cookies.",
+      "@id": "urn:solid-server:default:MetadataWriter_Cookie",
+      "@type": "CookieMetadataWriter",
+      "cookieMap": [
+        {
+          "CookieMetadataWriter:_cookieMap_key": "urn:npm:solid:community-server:http:accountCookie",
+          "CookieMetadataWriter:_name": { "@id": "urn:solid-server:default:value:accountCookieName" },
+          "CookieMetadataWriter:_expirationUri": "urn:npm:solid:community-server:http:accountCookieExpiration"
+        }
+      ]
+    }
+  ]
+}

config/memory-subdomains.json

@@ -2,7 +2,7 @@
   "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
   "import": [
     "css:config/app/main/default.json",
-    "css:config/app/init/initialize-root.json",
+    "css:config/app/init/static-root.json",
     "css:config/app/variables/default.json",
     "css:config/http/handler/default.json",
     "css:config/http/middleware/default.json",
@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/path-routing.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/no-accounts.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/disabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/quota-file.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/restrict-idp.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/restricted.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/sparql-endpoint-root.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/no-accounts.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/disabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/sparql-endpoint.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/sparql-file-storage.json

@@ -12,9 +12,9 @@
     "css:config/identity/access/public.json",
     "css:config/identity/email/default.json",
     "css:config/identity/handler/default.json",
+    "css:config/identity/interaction/default.json",
     "css:config/identity/ownership/token.json",
     "css:config/identity/pod/static.json",
-    "css:config/identity/registration/enabled.json",
     "css:config/ldp/authentication/dpop-bearer.json",
     "css:config/ldp/authorization/webacl.json",
     "css:config/ldp/handler/default.json",

config/util/variables/default.json

@@ -44,7 +44,7 @@
     },
     {
       "comment": "Path to the JSON file used to seed pods.",
-      "@id": "urn:solid-server:default:variable:seededPodConfigJson",
+      "@id": "urn:solid-server:default:variable:seedConfig",
       "@type": "Variable"
     },
     {

documentation/markdown/README.md

@@ -32,7 +32,7 @@ the [changelog](https://github.com/CommunitySolidServer/CommunitySolidServer/blo
 * [Quickly starting the server](usage/starting-server.md)
 * [Basic example HTTP requests](usage/example-requests.md)
 * [Editing the metadata of a resource](usage/metadata.md)
-* [How to use the Identity Provider](usage/identity-provider.md)
+* [How to use the Identity Provider and accounts](usage/identity-provider.md)
 * [How to automate authentication](usage/client-credentials.md)
 * [How to automatically seed pods on startup](usage/seeding-pods.md)
 * [Receiving notifications when resources change](usage/notifications.md)

documentation/markdown/architecture/features/accounts/controls.md

@@ -0,0 +1,27 @@
+# JSON API controls
+
+A large part of every response of the JSON API is the `controls` block.
+These are generated by using nested `ControlHandler` objects.
+These take as input a key/value with the values being either routes or other interaction handlers.
+These will then be executed to determine the values of the output JSON object, with the same keys.
+By using other `ControlHandler`s in the input map, we can create nested objects.
+
+The default structure of these handlers is as follows:
+
+```mermaid
+flowchart LR
+  RootControlHandler("<strong>RootControlHandler</strong><br>ControlHandler")
+  RootControlHandler --controls--> ControlHandler("<strong>ControlHandler</strong><br>ControlHandler")
+  ControlHandler --main--> MainControlHandler("<strong>MainControlHandler</strong><br>ControlHandler")
+  ControlHandler --account--> AccountControlHandler("<strong>AccountControlHandler</strong><br>ControlHandler")
+  ControlHandler --password--> PasswordControlHandler("<strong>PasswordControlHandler</strong><br>ControlHandler")
+  ControlHandler --"oidc"--> OidcControlHandler("<strong>OidcControlHandler</strong><br>OidcControlHandler")
+  ControlHandler --html--> HtmlControlHandler("<strong>HtmlControlHandler</strong><br>ControlHandler")
+  
+  HtmlControlHandler --main--> MainHtmlControlHandler("<strong>MainHtmlControlHandler</strong><br>ControlHandler")
+  HtmlControlHandler --account--> AccountHtmlControlHandler("<strong>AccountHtmlControlHandler</strong><br>ControlHandler")
+  HtmlControlHandler --password--> PasswordHtmlControlHandler("<strong>PasswordHtmlControlHandler</strong><br>ControlHandler")
+```
+
+Each of these control handlers then has a map of routes which link to the actual API endpoints.
+How to add these can be seen [here](routes.md#adding-the-necessary-controls).

documentation/markdown/architecture/features/accounts/overview.md

@@ -0,0 +1,58 @@
+# Account management
+
+The main entry point is the `IdentityProviderHandler`,
+which routes all requests targeting a resource starting with `/.account/` into this handler,
+after which it goes through similar parsing handlers as described [here](../protocol/overview.md),
+the flow of which is shown below:
+
+```mermaid
+flowchart LR
+  Handler("<strong>IdentityProviderHandler</strong><br>RouterHandler")
+  ParsingHandler("<strong>IdentityProviderParsingHandler</strong><br>AuthorizingHttpHandler")
+  AuthorizingHandler("<strong>IdentityProviderAuthorizingHandler</strong><br>AuthorizingHttpHandler")
+  
+  Handler --> ParsingHandler
+  ParsingHandler --> AuthorizingHandler
+  AuthorizingHandler --> HttpHandler("<strong>IdentityProviderHttpHandler</strong><br>IdentityProviderHttpHandler")
+```
+
+The `IdentityProviderHttpHandler` is where the actual differentiation of this component starts.
+It handles identifying the account based on the supplied cookie and determining the active OIDC interaction,
+after which it calls an `InteractionHandler` with this additional input.
+The `InteractionHandler` is many handlers chained together as follows:
+
+```mermaid
+flowchart TD
+  HttpHandler("<strong>IdentityProviderHttpHandler</strong><br>IdentityProviderHttpHandler")
+  HttpHandler --> InteractionHandler("<strong>InteractionHandler</strong><br>WaterfallHandler")
+  InteractionHandler --> InteractionHandlerArgs
+  
+  subgraph InteractionHandlerArgs[" "]
+    HtmlViewHandler("<strong>HtmlViewHandler</strong><br>HtmlViewHandler")
+    LockingInteractionHandler("<strong>LockingInteractionHandler</strong><br>LockingInteractionHandler")
+  end
+  
+  LockingInteractionHandler --> JsonConversionHandler("<strong>JsonConversionHandler</strong><br>JsonConversionHandler")
+  JsonConversionHandler --> VersionHandler("<strong>VersionHandler</strong><br>VersionHandler")
+  VersionHandler --> CookieInteractionHandler("<strong>CookieInteractionHandler</strong><br>CookieInteractionHandler")
+  CookieInteractionHandler --> RootControlHandler("<strong>RootControlHandler</strong><br>ControlHandler")
+  RootControlHandler --> LocationInteractionHandler("<strong>LocationInteractionHandler</strong><br>LocationInteractionHandler")
+  LocationInteractionHandler --> InteractionRouteHandler("<strong>InteractionRouteHandler</strong><br>WaterfallHandler")
+```
+
+The `HtmlViewHandler` catches all request that request an HTML output.
+This class keeps a list of HTML pages and their corresponding URL and returns them when needed.
+
+If the request is for the JSON API,
+the request goes through a chain of handlers, each responsible for a specific step in the API process.
+We'll list and summarize these here:
+
+* `LockingInteractionHandler`: In case the request is authenticated,
+  this requests a lock on that account to prevent simultaneous operations on the same account.
+* `JsonConversionHandler`: Converts the streaming input into a JSON object.
+* `VersionHandler`: Adds a version number to all output.
+* `CookieInteractionHandler`: Refreshes the cookie if necessary and adds relevant cookie metadata to the output.
+* `RootControlHandler`: Responsible for adding all the [controls](controls.md) to the output.
+  Will take as input multiple other control handlers which create the nested values in the `controls` field.
+* `LocationInteractionHandler`: Catches redirect errors and converts them to JSON objects with a `location` field.
+* `InteractionRouteHandler`: A `WaterfallHandler` containing an entry for every supported API [route](routes.md).

documentation/markdown/architecture/features/accounts/routes.md

@@ -0,0 +1,126 @@
+# Account API routes
+
+All entries contained in the `urn:solid-server:default:InteractionRouteHandler` have a similar structure:
+an `InteractionRouteHandler`, or `AuthorizedRouteHandler` for authenticated requests,
+which checks if the request targets a specific URL
+and redirects the request to its source if there is a match.
+Its source is quite often a `ViewInteractionHandler`,
+which returns a specific view on GET requests and performs an operation on POST requests,
+but other handlers can also occur.
+
+Below we will give an example of one API route and all the components that are necessary to add it to the server.
+
+## Route handler
+
+```json
+{
+  "@id": "urn:solid-server:default:AccountWebIdRouter",
+  "@type": "AuthorizedRouteHandler",
+  "route": {
+    "@id": "urn:solid-server:default:AccountWebIdRoute",
+    "@type": "RelativePathInteractionRoute",
+    "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
+    "relativePath": "webid/"
+  },
+  "source": { "@id": "urn:solid-server:default:WebIdHandler" }
+}
+```
+
+The main entry point is the route handler,
+which determines the URL necessary to reach this API.
+In this case we create a new route, relative to the `urn:solid-server:default:AccountIdRoute`.
+That route specifically matches URLs of the format `http://localhost:3000/.account/account/<accountId>/`.
+Here we create a route relative to that one by appending `webid`,
+so the resulting route would match `http://localhost:3000/.account/account/<accountId>/webid/`.
+Since an `AuthorizedRouteHandler` is used here,
+the request also needs to be authenticated using an account cookie.
+If there is match, the request will be sent to the `urn:solid-server:default:WebIdHandler`.
+
+## Interaction handler
+
+```json
+{
+  "@id": "urn:solid-server:default:WebIdHandler",
+  "@type": "ViewInteractionHandler",
+  "source": {
+    "@id": "urn:solid-server:default:LinkWebIdHandler",
+    "@type": "LinkWebIdHandler",
+    "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
+    "ownershipValidator": { "@id": "urn:solid-server:default:OwnershipValidator" },
+    "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
+    "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
+    "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
+  }
+}
+```
+
+The interaction handler is the class that performs the necessary operation based on the request.
+Often these are wrapped in a `ViewInteractionHandler`,
+which allows classes to have different support for GET and POST requests.
+
+## Exposing the API
+
+```json
+{
+  "@id": "urn:solid-server:default:InteractionRouteHandler",
+  "@type": "WaterfallHandler",
+  "handlers": [
+    { "@id": "urn:solid-server:default:AccountWebIdRouter" }
+  ]
+}
+```
+
+To make sure the API can be accessed,
+it needs to be added to the list of `urn:solid-server:default:InteractionRouteHandler`.
+This is the main handler that contains entries for all the APIs.
+This block of Components.js adds the route handler defined above to that list.
+
+## Adding the necessary controls
+
+```json
+{
+  "@id": "urn:solid-server:default:AccountControlHandler",
+  "@type": "ControlHandler",
+  "controls": [{
+    "ControlHandler:_controls_key": "webId",
+    "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+  }]
+}
+```
+
+To make sure people can find the API,
+it is necessary to link it through the associated `controls` object.
+This API is related to account management,
+so we add its route in the account controls with the key `webId`.
+More information about controls can be found [here](controls.md).
+
+## Adding HTML
+
+```json
+{
+  "@id": "urn:solid-server:default:HtmlViewHandler",
+  "@type": "HtmlViewHandler",
+  "templates": [{
+    "@id": "urn:solid-server:default:LinkWebIdHtml",
+    "@type": "HtmlViewEntry",
+    "filePath": "@css:templates/identity/account/link-webid.html.ejs",
+    "route": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+  }]
+}
+```
+
+Some API routes also have an associated HTML page,
+in which case the page needs to be added to the `urn:solid-server:default:HtmlViewHandler`,
+which is what we do here.
+Usually you will also want to add HTML controls so the page can be found.
+
+```json
+{
+  "@id": "urn:solid-server:default:AccountHtmlControlHandler",
+  "@type": "ControlHandler",
+  "controls": [{
+    "ControlHandler:_controls_key": "linkWebId",
+    "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
+  }]
+}
+```

documentation/markdown/architecture/features/http-handler.md

@@ -88,8 +88,9 @@ More on this can be found in the [identity provider](../../../usage/identity-pro
 
 The `urn:solid-server:default:IdentityProviderHttpHandler` handles everything
 related to our custom identity provider API, such as registering, logging in, returning the relevant HTML pages, etc.
-All these requests are identified by being on the `/idp/` subpath.
+All these requests are identified by being on the `/.account/` subpath.
 More information on the API can be found in the [identity provider](../../../usage/identity-provider) documentation
+The architectural overview can be found [here](accounts/overview.md).
 
 ## LdpHandler
 

documentation/markdown/architecture/features/protocol/overview.md

@@ -10,7 +10,7 @@ Below is a simplified view of how these handlers are linked.
 
 ```mermaid
 flowchart LR
-  LdpHandler("<strong>LdpHandler</strong><br>ParsingHttphandler")
+  LdpHandler("<strong>LdpHandler</strong><br>ParsingHttpHandler")
   LdpHandler --> AuthorizingHttpHandler("<br>AuthorizingHttpHandler")
   AuthorizingHttpHandler --> OperationHandler("<strong>OperationHandler</strong><br><i>OperationHandler</i>")
   OperationHandler --> ResourceStore("<strong>ResourceStore</strong><br><i>ResourceStore</i>")

documentation/markdown/usage/account/json-api.md

@@ -0,0 +1,281 @@
+# Account management JSON API
+
+Everything related to account management is done through a JSON API,
+of which we will describe all paths below.
+There are also HTML pages available to handle account management
+that use these APIs internally.
+Links to these can be found in the HTML controls
+All APIs expect JSON as input, and will return JSON objects as output.
+
+## Finding API URLs
+
+All URLs below are relative to the index account API URL, which by default is `http://localhost:3000/.account/`.
+Every response of an API request will contain a `controls` object,
+containing all the URLs of the other API endpoints.
+It is generally advised to make use of these controls instead of hardcoding the URLs.
+Only the initial index URL needs to be known then to find the controls.
+Certain controls will be missing if those features are disabled in the configuration.
+
+## API requests
+
+Many APIs require a POST request to perform an action.
+When doing a GET request on these APIs they will return an object describing what input is expected for the POST.
+
+## Authorization
+
+After logging in, the API will return a `set-cookie` header.
+This cookie is necessary to have access to many of the APIs.
+When including this cookie, the controls object will also be extended with new URLs that are now accessible.
+When logging in, the response body JSON body will also contain a `cookie` field containing the cookie value.
+Instead of using cookies,
+this value can also be used in an `Authorization` header with auth scheme `CSS-Account-Cookie`
+to achieve the same result.
+
+The expiration time of this cookie will be refreshed
+every time there is a successful request to the server with that cookie.
+
+## Redirecting
+
+As redirects through status codes 3xx can make working with JSON APIs more difficult,
+the API will never make use of this.
+Instead, if a redirect is required after an action,
+the response JSON object will return a `location` field.
+This is the next URL that should be fetched.
+This is mostly relevant in OIDC interactions as these cause the interaction to progress.
+
+## Controls
+
+Below is an overview of all the keys in a controls object returned by the server,
+with all features enabled.
+An example of what such an object looks like can be found at the [bottom](#example) of the page.
+
+### controls.main
+
+General controls that require no authentication.
+
+#### controls.main.index
+
+General entrypoint to the API.
+Returns an empty object, including the controls, on all GET requests.
+
+#### controls.main.logins
+
+Returns an overview of all login systems available on the server in `logins` object.
+Keys are a string description of the login system and values are links to their login pages.
+This can be used to let users choose how they want to log in.
+By default, the object only contains the email/password login system.
+
+### controls.account
+
+All controls related to account management.
+All of these require authorization, except for the create action.
+
+#### controls.account.create
+
+Creates a new account on empty POST requests.
+The response contains the necessary cookie values to log and a `resource` field containing the URL of the account.
+This account can not be used until a login method has been added to it.
+All other interactions will fail until this is the case.
+See the [controls.password.create](#controlspasswordcreate) section below for more information on how to do this.
+This account will expire after some time if no login method is added.
+
+#### controls.account.logout
+
+Logs the account out on an empty POST request.
+Invalidates the cookie that was used.
+
+#### controls.account.webId
+
+POST requests link a WebID to the account,
+allowing the account to identify as that WebID during an OIDC authentication interaction.
+Expected input is an object containing a `webId` field.
+
+If the chosen WebID is contained within a Solid pod associated with this account,
+the request will succeed immediately.
+If not, an error will be thrown,
+asking the user to add a specific triple to the WebID to confirm that they are the owner.
+After this triple is added, a second request will be successful.
+
+#### controls.account.pod
+
+Creates a Solid pod for the account on POST requests.
+The only required field is `name`, which will determine the name of the pod.
+
+Additionally, a `settings` object can be sent along,
+the values of which will be sent to the templates used when generating the pod.
+If this `settings` object contains a `webId` field,
+that WebID will be the WebID that has initial access to the pod.
+
+If no WebID value is provided,
+a WebID will be generated in the pod and immediately linked to the account
+as described in [controls.account.webID](#controlsaccountwebid).
+This WebID will then be the WebID that has initial access.
+
+#### controls.account.clientCredentials
+
+Creates a client credentials token on POST requests.
+More information on these tokens can be found [here](../client-credentials.md).
+Expected input is an object containing a `name` and `webId` field.
+The name is optional and will be used to name the token,
+the WebID determines which WebID you will identify as when using that token.
+It needs to be a WebID linked to the account as described in [controls.account.webID](#controlsaccountwebid).
+
+#### controls.account.account
+
+This value corresponds to the resource URL of the account you received when creating it.
+This returns all resources linked to this account, such as login methods, WebIDs, pods, and client credentials tokens.
+
+Below is an example response object:
+
+```json
+{
+  "logins": {
+    "password": {
+      "test@example.com": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/login/password/test%40example.com/"
+    }
+  },
+  "pods": {
+    "http://localhost:3000/test/": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/pod/7def7830df1161e422537db594ad2b7412ffb735e0e2320cf3e90db19cd969f9/"
+  },
+  "webIds": {
+    "http://localhost:3000/test/profile/card#me": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/webid/5c1b70d3ffaa840394dda86889ed1569cf897ef3d6041fb4c9513f82144cbb7f/"
+  },
+  "clientCredentials": {
+    "token_562cdeb5-d4b2-4905-9e62-8969ac10daaa": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/client-credentials/token_562cdeb5-d4b2-4905-9e62-8969ac10daaa/"
+  },
+  "settings": {}
+}
+```
+
+In each of the sub-objects, the key is always the unique identifier of whatever is being described,
+while the value is the resource URL that can potentially be used to modify the resource.
+Removing an entry can be done by sending a DELETE request to the resource URL,
+except for pods, which cannot be deleted.
+Login methods can only be deleted if the account has at least 1 login method remaining afterwards.
+
+The password login resource URL can also be used to modify the password,
+which can be done by sending a POST request to it with the body containing an `oldPassword` and a `newPassword` field.
+
+### controls.password
+
+Controls related to managing the email/password login method.
+
+#### controls.password.create
+
+POST requests create an email/password login and adds it to the account you are logged in as.
+Expects `email` and `password` fields.
+
+#### controls.password.login
+
+POST requests log a user in and return the relevant cookie values.
+Expected fields are `email`, `password`, and optionally a `remember` boolean.
+The `remember` value determines if the returned cookie is only valid for the session,
+or for a longer time.
+
+#### controls.password.forgot
+
+Can be used when a user forgets their password.
+POST requests with an `email` field will send an email with a link to reset the password.
+
+#### controls.password.reset
+
+Used to handle reset password URLs generated when a user forgets their password.
+Expected input values for the POST request are `recordId`,
+which was generated when sending the reset mail,
+and `password` with the new password value.
+
+### controls.oidc
+
+These controls are related to completing OIDC interactions.
+
+#### controls.oidc.cancel
+
+Sending a POST request to this API will cancel the OIDC interaction
+and return the user to the client that started the interaction.
+
+#### controls.oidc.prompt
+
+This API is used to determine what the next necessary step is in the OIDC interaction.
+The response will contain a `location` field,
+containing the URL to the next page the user should go to,
+and a `prompt` field,
+indicating the next step that is necessary to progress the OIDC interaction.
+The three possible prompts are the following:
+
+* **account**: The user needs to log in, so they have an account cookie.
+* **login**: The user needs to pick the WebID they want to use in the resulting OIDC token.
+* **consent**: The user needs to consent to the interaction.
+
+#### controls.oidc.webId
+
+Relevant for solving the **login** prompt.
+GET request will return a list of WebIDs the user can choose from.
+This is the same result as requesting the account information and looking at the linked WebIDs.
+The POST requests expects a `webId` value and optionally a `remember` boolean.
+The latter determines if the server should remember the picked WebID for later interactions.
+
+#### controls.oidc.forgetWebId
+
+POST requests to this API will cause the OIDC interaction to forget the picked WebID
+so a new one can be picked by the user.
+
+#### controls.oidc.consent
+
+A GET request to this API will return all the relevant information about the client doing the request.
+A POST requests causes the OIDC interaction to finish.
+It can have an optional `remember` value, which allows for refresh tokens if it is set to true.
+
+#### controls.html
+
+All these controls link to HTML pages and are thus mostly relevant to provide links to let the user navigate around.
+
+## Example
+
+Below is an example of a controls object in a response.
+
+```json
+{
+  "main": {
+    "index": "http://localhost:3000/.account/",
+    "logins": "http://localhost:3000/.account/login/"
+  },
+  "account": {
+    "create": "http://localhost:3000/.account/account/",
+    "logout": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/logout/",
+    "webId": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/webid/",
+    "pod": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/pod/",
+    "clientCredentials": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/client-credentials/",
+    "account": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/"
+  },
+  "password": {
+    "create": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/login/password/",
+    "login": "http://localhost:3000/.account/login/password/",
+    "forgot": "http://localhost:3000/.account/login/password/forgot/",
+    "reset": "http://localhost:3000/.account/login/password/reset/"
+  },
+  "oidc": {
+    "cancel": "http://localhost:3000/.account/oidc/cancel/",
+    "prompt": "http://localhost:3000/.account/oidc/prompt/",
+    "webId": "http://localhost:3000/.account/oidc/pick-webid/",
+    "forgetWebId": "http://localhost:3000/.account/oidc/forget-webid/",
+    "consent": "http://localhost:3000/.account/oidc/consent/"
+  },
+  "html": {
+    "main": {
+      "login": "http://localhost:3000/.account/login/"
+    },
+    "account": {
+      "createClientCredentials": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/client-credentials/",
+      "createPod": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/pod/",
+      "linkWebId": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/webid/",
+      "account": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/"
+    },
+    "password": {
+      "register": "http://localhost:3000/.account/login/password/register/",
+      "login": "http://localhost:3000/.account/login/password/",
+      "create": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/login/password/",
+      "forgot": "http://localhost:3000/.account/login/password/forgot/"
+    }
+  }
+}
+```

documentation/markdown/usage/account/login-method.md

@@ -0,0 +1,118 @@
+# Adding a new login method
+
+By default, the server allows users to use email/password combinations to identify as the owner of their account.
+But, just like with many other parts of the server,
+this can be extended so other login methods can be used.
+Here we'll cover everything that is necessary.
+
+## Components
+
+These are the components that are needed for adding a new login method.
+Not all of these are mandatory,
+but they can make the life of the user easier when trying to find and use the new method.
+Also have a look at the general [structure](../../architecture/features/accounts/routes.md)
+of new API components to see what is expected of such a component.
+
+### Create component
+
+There needs to be one or more components that allow a user
+to create an instance of the new login method and assign it to their account.
+The `CreatePasswordHandler` can be used as an example.
+This does not necessarily have to happen in a single request,
+potentially multiple requests can be used if the user has to perform actions on an external site for example.
+The only thing that matters is that at the end there is a new entry in the account's `logins` object.
+
+When adding logins of your method a new key will need to be chosen to group these logins together.
+The email/password method uses `password` for example.
+
+A new storage will probably need to be created to storage relevant metadata about this login method entry.
+Below is an example of how the `PasswordStore` is created:
+
+```json
+{
+  "@id": "urn:solid-server:default:PasswordStore",
+  "@type": "BasePasswordStore",
+  "storage": {
+    "@id": "urn:solid-server:default:PasswordStorage",
+    "@type": "EncodingPathStorage",
+    "relativePath": "/accounts/logins/password/",
+    "source": {
+      "@id": "urn:solid-server:default:KeyValueStorage"
+    }
+  }
+}
+```
+
+### Login component
+
+After creating a login instance, a user needs to be able to log in using the new method.
+This can again be done with multiple API calls if necessary,
+but the final one needs to be one that handles the necessary actions
+such as creating a cookie and finishing the OIDC interaction if necessary.
+The `ResolveLoginHandler` can be extended to take care of most of this,
+the `PasswordLoginHandler` provides an example of this.
+
+### Additional components
+
+Besides creating a login instance and logging in,
+it is always possible to offer additional functionality specific to this login method.
+The email/password method, for example, also has components for password recovery and updating a password.
+
+### HTML pages
+
+To make the life easier for users,
+at the very least you probably want to make an HTML page which people can use
+to create an instance of your login method.
+Besides that you could also make a page where people can combine creating an account with creating a login instance.
+The `templates/identity` folder contains all the pages the server has by default,
+which can be used as inspiration.
+
+These pages need to be linked to the `urn:solid-server:default:HtmlViewHandler`.
+Below is an example of this:
+
+```json
+{
+  "@id": "urn:solid-server:default:HtmlViewHandler",
+  "@type": "HtmlViewHandler",
+  "templates": [{
+    "@id": "urn:solid-server:default:CreatePasswordHtml",
+    "@type": "HtmlViewEntry",
+    "filePath": "@css:templates/identity/password/create.html.ejs",
+    "route": {
+      "@id": "urn:solid-server:default:AccountPasswordRoute"
+    }
+  }]
+}
+```
+
+### Updating the login handler
+
+The `urn:solid-server:default:LoginHandler` returns a list of available login methods,
+which are used to offer users a choice of which login method they want to use on the default login page.
+If you want the new method to also be offered you will have to add similar Components.js configuration:
+
+```json
+{
+  "@id": "urn:solid-server:default:LoginHandler",
+  "@type": "ControlHandler",
+  "controls": [
+    {
+      "ControlHandler:_controls_key": "Email/password combination",
+      "ControlHandler:_controls_value": {
+        "@id": "urn:solid-server:default:LoginPasswordRoute"
+      }
+    }
+  ]
+}
+```
+
+### Controls
+
+All new relevant API endpoints should be added to the controls object,
+otherwise there is no way for users to find out where to send their requests.
+Similarly, links to the HTML pages should also be in the controls, so they can be navigated to.
+Examples of how to do this can be found [here](../../architecture/features/accounts/routes.md).
+
+The default account overview page makes some assumptions about the controls when building the page.
+Specifically, it checks if `controls.html.<LOGIN_METHOD>.create` exists,
+if yes, it automatically creates a link on the page so users can create new login instances for their account.