feat: Full rework of account management

Complete rewrite of the account management and related systems. Makes the architecture more modular, allowing for easier extensions and configurations.
2024-10-03 14:55:10 +00:00 · 2022-03-16 10:12:13 +01:00 · 2022-03-16 10:12:13 +01:00 · a47f5236ef
commit a47f5236ef
parent ade977bb4f
366 changed files with 12345 additions and 5111 deletions
--- a/.componentsignore
+++ b/.componentsignore
@ -11,6 +11,7 @@
  "ChangeMap",
  "CredentialSet",
  "Dict",
  "EmptyObject",
  "Error",
  "EventEmitter",
  "FetchDocumentLoader",
@ -21,6 +22,7 @@
  "IndexTypeCollection",
  "IdentifierMap",
  "IdentifierSetMultiMap",
  "interactionPolicy.DefaultPolicy",
  "NodeJS.Dict",
  "NotificationChannelType",
  "PermissionMap",
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@ -5,13 +5,26 @@
 ### New features
 - The minimum supported Node version is now v18.
 - Account management and everything related to it have been drastically changed,
  see the [usage documentation](https://communitysolidserver.github.io/CommunitySolidServer/7.x/usage/identity-provider/)
  for an overview of the new features,
  and the [architecture documentation](http://communitysolidserver.github.io/CommunitySolidServer/7.x/architecture/features/accounts/overview/)
  for an overview of the new structure.
  Creating an account now requires multiple steps, but allows you to have multiple pods or WebIDs for 1 account.
  The architecture has been updated to be more easily extensible.
 - Pod seeding has been updated to account for the new account management, with an update CLI parameter `--seedConfig`,
  see the [updated documentation](https://communitysolidserver.github.io/CommunitySolidServer/7.x/usage/seeding-pods/)
  for more details.
 - Due to the changes in account management, setup has been removed completely.
  The `*-no-setup.json` configurations have been renamed to `*-root.json` to indicate their focus on the root container.
 - The `StaticAssetHandler` can now be used to link static pages to containers.
  This can be used to set a static page for the root container of a server.
  See the `/config/app/init/static-root.json` config for an example.
 ### Data migration
-No actions are required to migrate data.
+Old account data will need to be migrated as described in the
 [documentation](https://communitysolidserver.github.io/CommunitySolidServer/7.x/usage/account/migration/).
 ### Configuration changes
@ -23,16 +36,21 @@ The `@context` needs to be updated to
 The following changes pertain to the imports in the default configs:
 - There is a new `static-root.json` import option for `app/init`, setting a static page for the root container.
 - There is a new set of imports `identity/interaction` to determine the IDP features.
 - There is a new set of imports `storage/location` to determine where the root storage of the server is located.
 - The `app/setup`and `identity/registration` imports have been removed.
 The following changes are relevant for v6 custom configs that replaced certain features.
 - All configurations that had a reference to setup have been updated.
 - `/app/init/*` imports have changed. Functionality remained the same though.
 - All imports that define storages have been updated with new storage classes.
    - `/http/notifications/base/storage.json`
    - `/identity/*`
    - `/storage/keyvalue/storages/storages.json`
 - All identifiers containing the string "WebHook" have been renamed to instead use "Webhook"
  to be consistent with the notification type.
 - `/identity/*` configurations have drastically changed due to the account management update.
 - `/http/static/default.json` has been updated to allow easier overriding of the static resources.
 ### Interface changes
@ -45,6 +63,10 @@ These changes are relevant if you wrote custom modules for the server that depen
  `HashEncodingPathStorage` has similarly been replaced by introducing `HashEncodingStorage`.
 - All classes with the name `WebHook*` have been renamed to `Webhook*`
  to be consistent with the corresponding notification type.
 - Most classes related to the IDP have been changed.
 - All classes related to setup have been removed.
 - The `StaticAssetHandler` has bene updated to support the new functionality.
 - `SeededPodInitializer` has been renamed to `SeededAccountInitializer`.
 ## v6.1.0
--- a/config/app/README.md
+++ b/config/app/README.md
@ -8,8 +8,9 @@ Contains a list of initializer that need to be run when starting the server.
 * *default*: The default setup. The ParallelHandler can be used to add custom Initializers.
 * *initialize-root*: Makes sure the root container has the necessary resources to function properly.
-                     This is only relevant if setup is disabled but root container access is still required.
+* *initialize-prefilled-root*: Similar to `initialize-root` but adds an index page to the root container.
-* *initialize-prefilled-root*: Similar to `initialize-root` but adds some introductory resources to the root container.
+* *initialize-intro*: Similar to `initialize-prefilled-root` but adds an index page
                      specific to the memory-based server of the default configuration.
 * *static-root*: Shows a static introduction page at the server root. This is not a Solid resource.
 ## Main
--- a/config/app/init/base/init.json
+++ b/config/app/init/base/init.json
@ -4,7 +4,7 @@
    "css:config/app/init/initializers/base-url.json",
    "css:config/app/init/initializers/logger.json",
    "css:config/app/init/initializers/server.json",
-    "css:config/app/init/initializers/seeded-pod.json",
+    "css:config/app/init/initializers/seeding.json",
    "css:config/app/init/initializers/version.json",
    "css:config/app/init/initializers/workers.json"
  ],
@ -33,7 +33,7 @@
          { "@id": "urn:solid-server:default:CleanupInitializer"},
          { "@id": "urn:solid-server:default:BaseUrlVerifier" },
          { "@id": "urn:solid-server:default:PrimaryParallelInitializer" },
-          { "@id": "urn:solid-server:default:SeededPodInitializer" },
+          { "@id": "urn:solid-server:default:SeededAccountInitializer" },
          { "@id": "urn:solid-server:default:ModuleVersionVerifier" },
          { "@id": "urn:solid-server:default:WorkerManager" }
        ]
--- a/config/app/init/initialize-intro.json
+++ b/config/app/init/initialize-intro.json
@ -0,0 +1,22 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/app/init/default.json",
    "css:config/app/init/initializers/root.json"
  ],
  "@graph": [
    {
      "comment": "Initializes the root container resource.",
      "@id": "urn:solid-server:default:PrimaryParallelInitializer",
      "@type": "ParallelHandler",
      "handlers": [
        { "@id": "urn:solid-server:default:RootInitializer" }
      ]
    },
    {
      "@id": "urn:solid-server:default:RootFolderGenerator",
      "@type": "StaticFolderGenerator",
      "templateFolder": "@css:templates/root/intro"
    }
  ]
 }
--- a/config/app/init/initializers/seeded-pod.json
+++ b/config/app/init/initializers/seeded-pod.json
@ -1,23 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Separate manager from the RegistrationHandler in case registration is disabled.",
      "@id": "urn:solid-server:default:SeededPodRegistrationManager",
      "@type": "RegistrationManager",
      "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
      "args_webIdSuffix": "/profile/card#me",
      "args_identifierGenerator": { "@id": "urn:solid-server:default:IdentifierGenerator" },
      "args_ownershipValidator": { "@id": "urn:solid-server:auth:password:OwnershipValidator" },
      "args_accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
      "args_podManager": { "@id": "urn:solid-server:default:PodManager" }
    },
    {
      "comment": "Initializer that instantiates all the seeded accounts and pods.",
      "@id": "urn:solid-server:default:SeededPodInitializer",
      "@type": "SeededPodInitializer",
      "registrationManager": { "@id": "urn:solid-server:default:SeededPodRegistrationManager" },
      "configFilePath": { "@id": "urn:solid-server:default:variable:seededPodConfigJson" }
    }
  ]
 }
--- a/config/app/init/initializers/seeding.json
+++ b/config/app/init/initializers/seeding.json
@ -0,0 +1,14 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Initializer that instantiates all the seeded accounts and pods.",
      "@id": "urn:solid-server:default:SeededAccountInitializer",
      "@type": "SeededAccountInitializer",
      "accountHandler": { "@id": "urn:solid-server:default:CreateAccountHandler" },
      "passwordHandler": { "@id": "urn:solid-server:default:CreatePasswordHandler" },
      "podHandler": { "@id": "urn:solid-server:default:CreatePodHandler" },
      "configFilePath": { "@id": "urn:solid-server:default:variable:seedConfig" }
    }
  ]
 }
--- a/config/app/variables/cli/cli.json
+++ b/config/app/variables/cli/cli.json
@ -105,11 +105,11 @@
        },
        {
          "@type": "YargsParameter",
-          "name": "seededPodConfigJson",
+          "name": "seedConfig",
          "options": {
            "requiresArg": true,
            "type": "string",
-            "describe": "Path to the file that will be used to seed pods."
+            "describe": "Path to the file that will be used to seed accounts and pods."
          }
        },
        {
--- a/config/app/variables/resolver/resolver.json
+++ b/config/app/variables/resolver/resolver.json
@ -68,10 +68,10 @@
          }
        },
        {
-          "CombinedShorthandResolver:_resolvers_key": "urn:solid-server:default:variable:seededPodConfigJson",
+          "CombinedShorthandResolver:_resolvers_key": "urn:solid-server:default:variable:seedConfig",
          "CombinedShorthandResolver:_resolvers_value": {
            "@type": "AssetPathExtractor",
-            "key": "seededPodConfigJson"
+            "key": "seedConfig"
          }
        },
        {
--- a/config/default.json
+++ b/config/default.json
@ -2,7 +2,7 @@
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/app/main/default.json",
-    "css:config/app/init/initialize-prefilled-root.json",
+    "css:config/app/init/initialize-intro.json",
    "css:config/app/variables/default.json",
    "css:config/http/handler/default.json",
    "css:config/http/middleware/default.json",
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/dynamic.json
+++ b/config/dynamic.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/dynamic.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/example-https-file.json
+++ b/config/example-https-file.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/file-acp.json
+++ b/config/file-acp.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/acp.json",
    "css:config/ldp/handler/default.json",
--- a/config/file-root.json
+++ b/config/file-root.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/no-accounts.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/disabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/file.json
+++ b/config/file.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/http/notifications/base/description.json
+++ b/config/http/notifications/base/description.json
@ -21,7 +21,10 @@
      "comment": "The root URL of all Notification subscription routes.",
      "@id": "urn:solid-server:default:NotificationRoute",
      "@type": "RelativePathInteractionRoute",
-      "base": { "@id": "urn:solid-server:default:variable:baseUrl" },
+      "base": {
        "@type": "AbsolutePathInteractionRoute",
        "path": { "@id": "urn:solid-server:default:variable:baseUrl" }
      },
      "relativePath": "/.notifications/"
    }
  ]
--- a/config/http/notifications/webhooks/routes.json
+++ b/config/http/notifications/webhooks/routes.json
@ -11,7 +11,8 @@
      "@id": "urn:solid-server:default:WebhookWebIdRoute",
      "@type": "RelativePathInteractionRoute",
      "base": { "@id": "urn:solid-server:default:WebhookRoute" },
-      "relativePath": "/webId"
+      "relativePath": "/webId",
      "ensureSlash": false
    },
    {
--- a/config/https-file-cli.json
+++ b/config/https-file-cli.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/identity/README.md
+++ b/config/identity/README.md
@ -27,8 +27,15 @@ Necessary for sending e-mail when using IDP.
 Contains everything needed for setting up the Identity Provider.
-* *default*: As of writing there is not much customization possible.
+* *default*: Contains all the core components of the IDP.
-  This contains everything needed.
+
 ## Interaction
 Everything related to the JSON API and its routing.
 * *default*: Everything enabled.
 * *no-accounts*: Disables the creation of new accounts.
 * *no-pods*: Disables the creation of new pods.
 ## Ownership
@ -44,10 +51,3 @@ What to use for pod creation.
 * *dynamic*: Every created pod has its own Components.js config for its ResourceStore,
  which can differ from the others.
 * *static*: All pod data is stored in separate containers in the same ResourceStore.
 ## Registration
 If users should be able to register on the server.
 * *enabled*: Enables registration.
 * *disabled*: Disables registration.
--- a/config/identity/access/initializers/idp.json
+++ b/config/identity/access/initializers/idp.json
@ -11,7 +11,7 @@
      "source": {
        "@type": "ContainerInitializer",
        "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
-        "args_path": "/idp/",
+        "args_path": "/.account/",
        "args_store": { "@id": "urn:solid-server:default:ResourceStore" },
        "args_generator": {
          "@type": "StaticFolderGenerator",
--- a/config/identity/email/default.json
+++ b/config/identity/email/default.json
@ -4,7 +4,8 @@
    {
      "comment": "The default configuration does not contain credentials for an email client. In production systems, you likely want to set up your own.",
      "@id": "urn:solid-server:default:EmailSender",
-      "@type": "UnsupportedAsyncHandler"
+      "@type": "UnsupportedAsyncHandler",
      "errorMessage": "No email server is configured."
    }
  ]
 }
--- a/config/identity/handler/account-store/default.json
+++ b/config/identity/handler/account-store/default.json
@ -1,35 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "The storage adapter that persists usernames, passwords, etc.",
      "@id": "urn:solid-server:auth:password:AccountStore",
      "@type": "BaseAccountStore",
      "saltRounds": 10,
      "storage": {
        "@type": "Base64EncodingStorage",
        "source": {
          "@type": "ContainerPathStorage",
          "relativePath": "/accounts/",
          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
        }
      },
      "forgotPasswordStorage": {
        "@id": "urn:solid-server:default:ExpiringForgotPasswordStorage"
      }
    },
    {
      "comment": "Stores expiring data. This class has a `finalize` function that needs to be called after stopping the server.",
      "@id": "urn:solid-server:default:ExpiringForgotPasswordStorage",
      "@type": "WrappedExpiringStorage",
      "source": {
        "@type": "Base64EncodingStorage",
        "source": {
          "@type": "ContainerPathStorage",
          "relativePath": "/forgot-password/",
          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
        }
      }
    }
  ]
 }
--- a/config/identity/handler/adapter-factory/webid.json
+++ b/config/identity/handler/adapter-factory/webid.json
@ -5,10 +5,11 @@
      "comment": "An adapter is responsible for storing all interaction metadata.",
      "@id": "urn:solid-server:default:IdpAdapterFactory",
      "@type": "ClientCredentialsAdapterFactory",
-      "storage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" },
+      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
      "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" },
      "source": {
        "@type": "WebIdAdapterFactory",
-        "converter": {"@id": "urn:solid-server:default:RepresentationConverter" },
+        "converter": { "@id": "urn:solid-server:default:RepresentationConverter" },
        "source": {
          "@type": "ExpiringAdapterFactory",
          "storage": {
--- a/config/identity/handler/default.json
+++ b/config/identity/handler/default.json
@ -1,46 +1,46 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/handler/account-store/default.json",
    "css:config/identity/handler/adapter-factory/webid.json",
    "css:config/identity/handler/interaction/routes.json",
    "css:config/identity/handler/jwks/default.json",
-    "css:config/identity/handler/provider-factory/identity.json"
+    "css:config/identity/handler/provider-factory/identity.json",
    "css:config/identity/handler/storage/default.json",
    "css:config/identity/handler/storage/password.json"
  ],
  "@graph": [
    {
      "comment": "Routes all IDP related requests to the relevant handlers.",
      "@id": "urn:solid-server:default:IdentityProviderHandler",
      "@type": "RouterHandler",
-      "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
+      "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
-      "args_targetExtractor": { "@id": "urn:solid-server:default:TargetExtractor" },
+      "targetExtractor": { "@id": "urn:solid-server:default:TargetExtractor" },
-      "args_allowedPathNames": [ "^/idp/.*" ],
+      "allowedPathNames": [ "^/.account/.*" ],
-      "args_handler": { "@id": "urn:solid-server:default:IdentityProviderParsingHandler" }
+      "handler": { "@id": "urn:solid-server:default:IdentityProviderParsingHandler" }
    },
    {
      "comment": "Handles IDP input parsing.",
      "@id": "urn:solid-server:default:IdentityProviderParsingHandler",
      "@type": "ParsingHttpHandler",
-      "args_requestParser": { "@id": "urn:solid-server:default:RequestParser" },
+      "requestParser": { "@id": "urn:solid-server:default:RequestParser" },
-      "args_errorHandler": { "@id": "urn:solid-server:default:ErrorHandler" },
+      "errorHandler": { "@id": "urn:solid-server:default:ErrorHandler" },
-      "args_responseWriter": { "@id": "urn:solid-server:default:ResponseWriter" },
+      "responseWriter": { "@id": "urn:solid-server:default:ResponseWriter" },
-      "args_operationHandler": {
+      "operationHandler": {
        "comment": "Handles IDP input authorization. Permission reader should be set to allow all if no authorization is needed.",
        "@type": "AuthorizingHttpHandler",
        "@id": "urn:solid-server:default:IdentityProviderAuthorizingHandler",
-        "args_credentialsExtractor": { "@id": "urn:solid-server:default:CredentialsExtractor" },
+        "credentialsExtractor": { "@id": "urn:solid-server:default:CredentialsExtractor" },
-        "args_modesExtractor": { "@id": "urn:solid-server:default:ModesExtractor" },
+        "modesExtractor": { "@id": "urn:solid-server:default:ModesExtractor" },
-        "args_authorizer": { "@id": "urn:solid-server:default:Authorizer" },
+        "authorizer": { "@id": "urn:solid-server:default:Authorizer" },
-        "args_operationHandler": { "@id": "urn:solid-server:default:IdentityProviderHttpHandler" }
+        "operationHandler": { "@id": "urn:solid-server:default:IdentityProviderHttpHandler" }
      }
    },
    {
      "comment": "Handles IDP handler behaviour.",
      "@id": "urn:solid-server:default:IdentityProviderHttpHandler",
      "@type": "IdentityProviderHttpHandler",
-      "args_providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" },
+      "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" },
-      "args_converter": { "@id": "urn:solid-server:default:RepresentationConverter" },
+      "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
-      "args_handler": { "@id": "urn:solid-server:default:InteractionHandler" }
+      "handler": { "@id": "urn:solid-server:default:InteractionHandler" }
    }
  ]
 }
--- a/config/identity/handler/interaction/routes.json
+++ b/config/identity/handler/interaction/routes.json
@ -1,52 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/handler/interaction/routes/consent.json",
    "css:config/identity/handler/interaction/routes/credentials.json",
    "css:config/identity/handler/interaction/routes/forgot-password.json",
    "css:config/identity/handler/interaction/routes/index.json",
    "css:config/identity/handler/interaction/routes/login.json",
    "css:config/identity/handler/interaction/routes/prompt.json",
    "css:config/identity/handler/interaction/routes/reset-password.json",
    "css:config/identity/handler/interaction/views/controls.json",
    "css:config/identity/handler/interaction/views/html.json"
  ],
  "@graph": [
    {
      "@id": "urn:solid-server:default:InteractionHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        {
          "comment": "Returns the relevant HTML pages for the interactions when needed",
          "@id": "urn:solid-server:auth:password:HtmlViewHandler"
        },
        {
          "comment": "Adds controls and API version to JSON responses.",
          "@id": "urn:solid-server:auth:password:ControlHandler",
          "@type": "ControlHandler",
          "source" : { "@id": "urn:solid-server:auth:password:LocationInteractionHandler" }
        }
      ]
    },
    {
      "comment": "Converts 3xx redirects to 200 JSON responses for consumption by browser scripts.",
      "@id": "urn:solid-server:auth:password:LocationInteractionHandler",
      "@type": "LocationInteractionHandler",
      "source" : { "@id": "urn:solid-server:auth:password:InteractionRouteHandler" }
    },
    {
      "comment": "Handles every interaction based on their route.",
      "@id": "urn:solid-server:auth:password:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        { "@id": "urn:solid-server:auth:password:IndexRouteHandler" },
        { "@id": "urn:solid-server:auth:password:PromptRouteHandler" },
        { "@id": "urn:solid-server:auth:password:LoginRouteHandler" },
        { "@id": "urn:solid-server:auth:password:ConsentRouteHandler" },
        { "@id": "urn:solid-server:auth:password:ForgotPasswordRouteHandler" },
        { "@id": "urn:solid-server:auth:password:ResetPasswordRouteHandler" },
        { "@id": "urn:solid-server:auth:password:CredentialsRouteHandler" }
      ]
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/consent.json
+++ b/config/identity/handler/interaction/routes/consent.json
@ -1,21 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the interaction that occurs when a logged in user wants to authenticate with a new app.",
      "@id": "urn:solid-server:auth:password:ConsentRouteHandler",
      "@type":"InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:ConsentRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/consent/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:ConsentHandler",
        "@type": "ConsentHandler",
        "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
      }
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/credentials.json
+++ b/config/identity/handler/interaction/routes/credentials.json
@ -1,53 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Stores all client credential tokens.",
      "@id": "urn:solid-server:auth:password:CredentialsStorage",
      "@type": "Base64EncodingStorage",
      "source": {
        "@type": "ContainerPathStorage",
        "relativePath": "/accounts/credentials/",
        "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
      }
    },
    {
      "comment": "Handles credential tokens. These can be used to automate clients. See documentation for more info.",
      "@id": "urn:solid-server:auth:password:CredentialsRouteHandler",
      "@type":"InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:CredentialsRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/credentials/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:CredentialsHandler",
        "@type": "EmailPasswordAuthorizer",
        "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
        "source": {
          "@type": "WaterfallHandler",
          "handlers": [
            {
              "@type": "CreateCredentialsHandler",
              "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
              "credentialStorage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" }
            },
            {
              "@type": "DeleteCredentialsHandler",
              "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
              "credentialStorage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" }
            },
            {
              "@type": "ListCredentialsHandler",
              "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" }
            }
          ]
        }
      }
    },
    {
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/forgot-password.json
+++ b/config/identity/handler/interaction/routes/forgot-password.json
@ -1,28 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the forgot password interaction",
      "@id": "urn:solid-server:auth:password:ForgotPasswordRouteHandler",
      "@type":"InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:ForgotPasswordRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/forgotpassword/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:ForgotPasswordHandler",
        "@type": "ForgotPasswordHandler",
        "args_accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
        "args_templateEngine": {
          "@type": "StaticTemplateEngine",
          "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
          "template": "@css:templates/identity/email-password/reset-password-email.html.ejs"
        },
        "args_emailSender": { "@id": "urn:solid-server:default:EmailSender" },
        "args_resetRoute": { "@id": "urn:solid-server:auth:password:ResetPasswordRoute" }
      }
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/index.json
+++ b/config/identity/handler/interaction/routes/index.json
@ -1,21 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Root API entry. Returns an empty body so we can add controls pointing to other interaction routes.",
      "@id": "urn:solid-server:auth:password:IndexRouteHandler",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:IndexRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:variable:baseUrl" },
        "relativePath": "/idp/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:IndexHandler",
        "@type": "FixedInteractionHandler",
        "response": {}
      }
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/login.json
+++ b/config/identity/handler/interaction/routes/login.json
@ -1,21 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the login interaction",
      "@id": "urn:solid-server:auth:password:LoginRouteHandler",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:LoginRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/login/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:LoginHandler",
        "@type": "LoginHandler",
        "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" }
      }
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/prompt.json
+++ b/config/identity/handler/interaction/routes/prompt.json
@ -1,30 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles OIDC redirects containing a prompt, such as login or consent.",
      "@id": "urn:solid-server:auth:password:PromptRouteHandler",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:PromptRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/prompt/"
      },
      "source": {
        "@type": "PromptHandler",
        "@id": "urn:solid-server:auth:password:PromptHandler",
        "promptRoutes": [
          {
            "PromptHandler:_promptRoutes_key": "login",
            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:auth:password:LoginRoute" }
          },
          {
            "PromptHandler:_promptRoutes_key": "consent",
            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:auth:password:ConsentRoute" }
          }
        ]
      }
    }
  ]
 }
--- a/config/identity/handler/interaction/routes/reset-password.json
+++ b/config/identity/handler/interaction/routes/reset-password.json
@ -1,21 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the reset password interaction",
      "@id": "urn:solid-server:auth:password:ResetPasswordRouteHandler",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:ResetPasswordRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/resetpassword/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:ResetPasswordHandler",
        "@type": "ResetPasswordHandler",
        "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" }
      }
    }
  ]
 }
--- a/config/identity/handler/interaction/views/controls.json
+++ b/config/identity/handler/interaction/views/controls.json
@ -1,31 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "@id": "urn:solid-server:auth:password:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "index",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:IndexRoute" }
        },
        {
          "ControlHandler:_controls_key": "prompt",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:PromptRoute" }
        },
        {
          "ControlHandler:_controls_key": "login",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:LoginRoute" }
        },
        {
          "ControlHandler:_controls_key": "forgotPassword",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:ForgotPasswordRoute" }
        },
        {
          "ControlHandler:_controls_key": "credentials",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:CredentialsRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/handler/interaction/views/html.json
+++ b/config/identity/handler/interaction/views/html.json
@ -1,45 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "@id": "urn:solid-server:auth:password:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "index": { "@id": "urn:solid-server:auth:password:IndexRoute" },
      "templateEngine": {
        "comment": "Renders the specific page and embeds it into the main HTML body.",
        "@type": "ChainedTemplateEngine",
        "renderedName": "htmlBody",
        "engines": [
          {
            "comment": "Will be called with specific templates to generate HTML snippets.",
            "@id": "urn:solid-server:default:TemplateEngine"
          },
          {
            "comment": "Will embed the result of the first engine into the main HTML template.",
            "@type": "StaticTemplateEngine",
            "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
            "template": "@css:templates/main.html.ejs"
          }
        ]
      },
      "templates": [
        {
          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/login.html.ejs",
          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:LoginRoute" }
        },
        {
          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/consent.html.ejs",
          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:ConsentRoute" }
        },
        {
          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/forgot-password.html.ejs",
          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:ForgotPasswordRoute" }
        },
        {
          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/reset-password.html.ejs",
          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:ResetPasswordRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/handler/provider-factory/identity.json
+++ b/config/identity/handler/provider-factory/identity.json
@ -5,16 +5,28 @@
      "comment":  "Sets all the relevant Solid-OIDC parameters.",
      "@id": "urn:solid-server:default:IdentityProviderFactory",
      "@type": "IdentityProviderFactory",
      "promptFactory": {
        "@id": "urn:solid-server:default:PromptFactory",
        "@type": "SequenceHandler",
        "handlers": [
          {
            "@type": "AccountPromptFactory",
            "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
            "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
            "cookieName": { "@id": "urn:solid-server:default:value:accountCookieName" }
          }
        ]
      },
      "adapterFactory": { "@id": "urn:solid-server:default:IdpAdapterFactory" },
      "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
      "oidcPath": "/.oidc",
-      "interactionHandler": { "@id": "urn:solid-server:auth:password:PromptHandler" },
+      "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" },
      "credentialStorage": { "@id": "urn:solid-server:auth:password:CredentialsStorage" },
      "storage": { "@id": "urn:solid-server:default:KeyStorage" },
      "jwkGenerator": { "@id": "urn:solid-server:default:JwkGenerator" },
      "showStackTrace": { "@id": "urn:solid-server:default:variable:showStackTrace" },
      "errorHandler": { "@id": "urn:solid-server:default:ErrorHandler" },
      "responseWriter": { "@id": "urn:solid-server:default:ResponseWriter" },
      "interactionRoute": { "@id": "urn:solid-server:default:IndexRoute" },
      "config": {
        "claims": {
          "openid": [ "azp" ],
--- a/config/identity/handler/storage/default.json
+++ b/config/identity/handler/storage/default.json
@ -0,0 +1,78 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "@id": "urn:solid-server:default:AccountStore",
      "@type": "BaseAccountStore",
      "storage": {
        "@id": "urn:solid-server:default:AccountStorage",
        "@type": "WrappedExpiringStorage",
        "source": {
          "@type": "Base64EncodingStorage",
          "source": {
            "@type": "ContainerPathStorage",
            "relativePath": "/accounts/data/",
            "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
          }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:WebIdStore",
      "@type": "BaseWebIdStore",
      "webIdRoute": { "@id": "urn:solid-server:default:AccountWebIdLinkRoute" },
      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
      "storage": {
        "@id": "urn:solid-server:default:WebIdStorage",
        "@type": "Base64EncodingStorage",
        "source": {
          "@type": "ContainerPathStorage",
          "relativePath": "/accounts/webIds/",
          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:CookieStore",
      "@type": "BaseCookieStore",
      "storage": {
        "@id": "urn:solid-server:default:CookieStorage",
        "@type": "WrappedExpiringStorage",
        "source": {
          "@type": "Base64EncodingStorage",
          "source": {
            "@type": "ContainerPathStorage",
            "relativePath": "/accounts/cookies/",
            "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
          }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:PodStore",
      "@type": "BasePodStore",
      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
      "podRoute": { "@id": "urn:solid-server:default:AccountPodIdRoute" },
      "manager": { "@id": "urn:solid-server:default:PodManager" }
    },
    {
      "@id": "urn:solid-server:default:ClientCredentialsStore",
      "@type": "BaseClientCredentialsStore",
      "clientCredentialsRoute": { "@id": "urn:solid-server:default:AccountClientCredentialsIdRoute" },
      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
      "storage": {
        "@id": "urn:solid-server:default:ClientCredentialsStorage",
        "@type": "Base64EncodingStorage",
        "source": {
          "@type": "ContainerPathStorage",
          "relativePath": "/accounts/client-credentials/",
          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
        }
      }
    }
  ]
 }
--- a/config/identity/handler/storage/password.json
+++ b/config/identity/handler/storage/password.json
@ -0,0 +1,35 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "@id": "urn:solid-server:default:PasswordStore",
      "@type": "BasePasswordStore",
      "storage": {
        "@id": "urn:solid-server:default:PasswordStorage",
        "@type": "Base64EncodingStorage",
        "source": {
          "@type": "ContainerPathStorage",
          "relativePath": "/accounts/logins/password/",
          "source": { "@id": "urn:solid-server:default:KeyValueStorage" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:ForgotPasswordStore",
      "@type": "BaseForgotPasswordStore",
      "storage": {
        "@id": "urn:solid-server:default:ForgotPasswordStorage",
        "@type": "WrappedExpiringStorage",
        "source": {
          "@type": "Base64EncodingStorage",
          "source": {
            "@type": "ContainerPathStorage",
            "relativePath": "/accounts/logins/password/forgot/",
            "source": {  "@id": "urn:solid-server:default:KeyValueStorage" }
          }
        }
      }
    }
  ]
 }
--- a/config/identity/interaction/default.json
+++ b/config/identity/interaction/default.json
@ -0,0 +1,16 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/default.json",
    "css:config/identity/interaction/enable/account.json",
    "css:config/identity/interaction/enable/client-credentials.json",
    "css:config/identity/interaction/enable/password.json",
    "css:config/identity/interaction/enable/pod.json",
    "css:config/identity/interaction/enable/webid.json"
  ],
  "@graph": [
    {
      "comment": "Enables all account-related features."
    }
  ]
 }
--- a/config/identity/interaction/enable/account.json
+++ b/config/identity/interaction/enable/account.json
@ -0,0 +1,56 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Enable account creation."
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountRouter" }]
    },
    {
      "@id": "urn:solid-server:default:AccountControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "create",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountRoute" }
      }]
    },
    {
      "comment": "The parts below are specific for password logins, but will not cause issues should password logins be disabled."
    },
    {
      "comment": "Route only used for an HTML page (and its corresponding controls).",
      "@id": "urn:solid-server:default:RegisterPasswordRoute",
      "@type": "RelativePathInteractionRoute",
      "base": { "@id": "urn:solid-server:default:LoginPasswordRoute" },
      "relativePath": "register/"
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [
        {
          "@id": "urn:solid-server:default:RegisterPasswordAccountHtml",
          "@type": "HtmlViewEntry",
          "filePath": "@css:templates/identity/password/register.html.ejs",
          "route": { "@id": "urn:solid-server:default:RegisterPasswordRoute" }
        }
      ]
    },
    {
      "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "register",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:RegisterPasswordRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/enable/client-credentials.json
+++ b/config/identity/interaction/enable/client-credentials.json
@ -0,0 +1,43 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Enable client credentials creation."
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountClientCredentialsRouter" }]
    },
    {
      "@id": "urn:solid-server:default:AccountControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "clientCredentials",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:CreateClientCredentialsHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/account/create-client-credentials.html.ejs",
        "route": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
      }]
    },
    {
      "ControlHandler:_controls_value": {
        "@id": "urn:solid-server:default:AccountHtmlControlHandler",
        "@type": "ControlHandler",
        "controls": [{
          "ControlHandler:_controls_key": "createClientCredentials",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
        }]
      }
    }
  ]
 }
--- a/config/identity/interaction/enable/password.json
+++ b/config/identity/interaction/enable/password.json
@ -0,0 +1,52 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Enable creating email/password combinations as a login mechanism."
    },
    {
      "@id": "urn:solid-server:default:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "password",
          "ControlHandler:_controls_value": {
            "comment": "All controls associated with the password login method.",
            "@id": "urn:solid-server:default:PasswordControlHandler",
            "@type": "ControlHandler",
            "controls": []
          }
        }
      ]
    },
    {
      "comment": "Adds a link to the login page of this auth method to the list that contains all options",
      "@id": "urn:solid-server:default:LoginHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "Email/password combination",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
        }
      ]
    },
    {
      "@id": "urn:solid-server:default:HtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "password",
          "ControlHandler:_controls_value": {
            "comment": "Contains the controls linking to all HTML pages related to password authentication.",
            "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
            "@type": "ControlHandler",
            "controls": []
          }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/enable/pod.json
+++ b/config/identity/interaction/enable/pod.json
@ -0,0 +1,44 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Enable pod creation."
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        { "@id": "urn:solid-server:default:AccountPodRouter" }
      ]
    },
    {
      "@id": "urn:solid-server:default:AccountControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "pod",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPodRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:CreatePodHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/account/create-pod.html.ejs",
        "route": { "@id": "urn:solid-server:default:AccountPodRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:AccountHtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "createPod",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPodRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/enable/webid.json
+++ b/config/identity/interaction/enable/webid.json
@ -0,0 +1,44 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Enable linking WebIDs to an account."
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        { "@id": "urn:solid-server:default:AccountWebIdRouter" }
      ]
    },
    {
      "@id": "urn:solid-server:default:AccountControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "webId",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:LinkWebIdHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/account/link-webid.html.ejs",
        "route": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:AccountHtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "linkWebId",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/no-accounts.json
+++ b/config/identity/interaction/no-accounts.json
@ -0,0 +1,15 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/default.json",
    "css:config/identity/interaction/enable/client-credentials.json",
    "css:config/identity/interaction/enable/password.json",
    "css:config/identity/interaction/enable/pod.json",
    "css:config/identity/interaction/enable/webid.json"
  ],
  "@graph": [
    {
      "comment": "Disables account creation."
    }
  ]
 }
--- a/config/identity/interaction/no-pods.json
+++ b/config/identity/interaction/no-pods.json
@ -0,0 +1,15 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/default.json",
    "css:config/identity/interaction/enable/account.json",
    "css:config/identity/interaction/enable/client-credentials.json",
    "css:config/identity/interaction/enable/password.json",
    "css:config/identity/interaction/enable/webid.json"
  ],
  "@graph": [
    {
      "comment": "Disabled pod creation."
    }
  ]
 }
--- a/config/identity/interaction/routing/account/create.json
+++ b/config/identity/interaction/routing/account/create.json
@ -0,0 +1,37 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the account creation",
      "@id": "urn:solid-server:default:AccountRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:IndexRoute" },
        "relativePath": "account/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:CreateAccountHandler",
          "@type": "CreateAccountHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
          "accountRoute": { "@id": "urn:solid-server:default:AccountIdRoute" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:AccountHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/account/account.html.ejs",
        "route": { "@id": "urn:solid-server:default:AccountRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/account/login.json
+++ b/config/identity/interaction/routing/account/login.json
@ -0,0 +1,14 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Base account login route that specific login implementations can extend.",
      "@id": "urn:solid-server:default:AccountLoginRoute",
      "@type": "RelativePathInteractionRoute",
      "base": {
        "@id": "urn:solid-server:default:AccountIdRoute"
      },
      "relativePath": "login/"
    }
  ]
 }
--- a/config/identity/interaction/routing/account/logout.json
+++ b/config/identity/interaction/routing/account/logout.json
@ -0,0 +1,40 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles logging a user out.",
      "@id": "urn:solid-server:default:AccountLogoutRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountLogoutRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
        "relativePath": "logout/"
      },
      "source": {
        "@type": "MethodFilterHandler",
        "methods": [ "POST" ],
        "source": {
          "@id": "urn:solid-server:default:LogoutHandler",
          "@type": "LogoutHandler",
          "cookieStore": { "@id": "urn:solid-server:default:CookieStore" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountLogoutRouter" }]
    },
    {
      "@id": "urn:solid-server:default:AccountControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "logout",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountLogoutRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/account/main.json
+++ b/config/identity/interaction/routing/account/main.json
@ -0,0 +1,42 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/account/create.json",
    "css:config/identity/interaction/routing/account/login.json",
    "css:config/identity/interaction/routing/account/logout.json",
    "css:config/identity/interaction/routing/account/resource.json"
  ],
  "@graph": [
    {
      "@id": "urn:solid-server:default:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "account",
          "ControlHandler:_controls_value": {
            "comment": "All controls related to account management.",
            "@id": "urn:solid-server:default:AccountControlHandler",
            "@type": "ControlHandler",
            "controls": []
          }
        }
      ]
    },
    {
      "@id": "urn:solid-server:default:HtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "account",
          "ControlHandler:_controls_value": {
            "comment": "Controls linking to account-related HTML pages.",
            "@id": "urn:solid-server:default:AccountHtmlControlHandler",
            "@type": "ControlHandler",
            "controls": []
          }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/account/resource.json
+++ b/config/identity/interaction/routing/account/resource.json
@ -0,0 +1,60 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the account details.",
      "@id": "urn:solid-server:default:AccountIdRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountIdRoute",
        "@type": "BaseAccountIdRoute",
        "base": { "@id": "urn:solid-server:default:AccountRoute" }
      },
      "source": {
        "@id": "urn:solid-server:default:AccountResourceHandler",
        "@type": "MethodFilterHandler",
        "methods": [ "GET" ],
        "source": {
          "@type": "AccountDetailsHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountIdRouter" }]
    },
    {
      "@id": "urn:solid-server:default:AccountControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "account",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountIdRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:AccountIdHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/account/resource.html.ejs",
        "route": { "@id": "urn:solid-server:default:AccountIdRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:AccountHtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "account",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountIdRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/client-credentials/create.json
+++ b/config/identity/interaction/routing/client-credentials/create.json
@ -0,0 +1,25 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles credential tokens. These can be used to automate clients. See documentation for more info.",
      "@id": "urn:solid-server:default:AccountClientCredentialsRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountClientCredentialsRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
        "relativePath": "client-credentials/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:CreateClientCredentialsHandler",
          "@type": "CreateClientCredentialsHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" }
        }
      }
    }
  ]
 }
--- a/config/identity/interaction/routing/client-credentials/resource.json
+++ b/config/identity/interaction/routing/client-credentials/resource.json
@ -0,0 +1,45 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the client credentials link details such as deletion.",
      "@id": "urn:solid-server:default:AccountClientCredentialsIdRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountClientCredentialsIdRoute",
        "@type": "BaseClientCredentialsIdRoute",
        "base": { "@id": "urn:solid-server:default:AccountClientCredentialsRoute" }
      },
      "source": {
        "@id": "urn:solid-server:default:ClientCredentialsResourceHandler",
        "@type": "WaterfallHandler",
        "handlers": [
          {
            "@type": "MethodFilterHandler",
            "methods": [ "GET" ],
            "source": {
              "@type": "ClientCredentialsDetailsHandler",
              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
              "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" }
            }
          },
          {
            "@type": "MethodFilterHandler",
            "methods": [ "DELETE" ],
            "source": {
              "@type": "DeleteClientCredentialsHandler",
              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
              "clientCredentialsStore": { "@id": "urn:solid-server:default:ClientCredentialsStore" }
            }
          }
        ]
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountClientCredentialsIdRouter" }]
    }
  ]
 }
--- a/config/identity/interaction/routing/core/index.json
+++ b/config/identity/interaction/routing/core/index.json
@ -0,0 +1,49 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Root API entry. Returns an empty body so we can add controls pointing to other interaction routes.",
      "@id": "urn:solid-server:default:IndexRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:IndexRoute",
        "@type": "RelativePathInteractionRoute",
        "base": {
          "@type": "AbsolutePathInteractionRoute",
          "path": { "@id": "urn:solid-server:default:variable:baseUrl" }
        },
        "relativePath": ".account/"
      },
      "source": {
        "@type": "StaticInteractionHandler",
        "response": {}
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:IndexRouter" }]
    },
    {
      "@id": "urn:solid-server:default:MainControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "index",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:IndexRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:IndexHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/index.html.ejs",
        "route": { "@id": "urn:solid-server:default:IndexRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/core/login.json
+++ b/config/identity/interaction/routing/core/login.json
@ -0,0 +1,72 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Returns the links of the HTML pages that can be used to log in with specific methods.",
      "@id": "urn:solid-server:default:LoginRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:LoginRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:IndexRoute" },
        "relativePath": "login/"
      },
      "source": {
        "@type": "MethodFilterHandler",
        "methods": [ "GET" ],
        "source": {
          "@type": "ControlHandler",
          "controls": [
            {
              "ControlHandler:_controls_key": "logins",
              "ControlHandler:_controls_value": {
                "comment": "New login methods should add a link to their HTML login page here. This list can be used when multiple login methods exist to make a choice.",
                "@id": "urn:solid-server:default:LoginHandler",
                "@type": "ControlHandler",
                "controls": []
              }
            }
          ]
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:LoginRouter" }]
    },
    {
      "@id": "urn:solid-server:default:MainControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "logins",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginRoute" }
        }
      ]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:LoginHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/login.html.ejs",
        "route": { "@id": "urn:solid-server:default:LoginRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:MainHtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "login",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/core/main.json
+++ b/config/identity/interaction/routing/core/main.json
@ -0,0 +1,38 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/core/index.json",
    "css:config/identity/interaction/routing/core/login.json"
  ],
  "@graph": [
    {
      "@id": "urn:solid-server:default:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "main",
          "ControlHandler:_controls_value": {
            "comment": "Contains all general controls.",
            "@id": "urn:solid-server:default:MainControlHandler",
            "@type": "ControlHandler",
            "controls": []
          }
        }
      ]
    },
    {
      "@id": "urn:solid-server:default:HtmlControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "main",
        "ControlHandler:_controls_value": {
          "comment": "Controls all general HTML page controls.",
          "@id": "urn:solid-server:default:MainHtmlControlHandler",
          "@type": "ControlHandler",
          "controls": []
        }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/default.json
+++ b/config/identity/interaction/routing/default.json
@ -0,0 +1,85 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/account/main.json",
    "css:config/identity/interaction/routing/client-credentials/create.json",
    "css:config/identity/interaction/routing/client-credentials/resource.json",
    "css:config/identity/interaction/routing/core/main.json",
    "css:config/identity/interaction/routing/oidc/main.json",
    "css:config/identity/interaction/routing/password/main.json",
    "css:config/identity/interaction/routing/pod/create.json",
    "css:config/identity/interaction/routing/pod/resource.json",
    "css:config/identity/interaction/routing/webid/link.json",
    "css:config/identity/interaction/routing/webid/resource.json",
    "css:config/identity/interaction/routing/views/html.json"
  ],
  "@graph": [
    {
      "@id": "urn:solid-server:default:InteractionHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        {
          "comment": "Returns the relevant HTML pages for the interactions when needed.",
          "@id": "urn:solid-server:default:HtmlViewHandler"
        },
        {
          "comment": "Ensures locks on authenticated requests.",
          "@id": "urn:solid-server:default:LockingInteractionHandler",
          "@type": "LockingInteractionHandler",
          "locker": { "@id": "urn:solid-server:default:ResourceLocker" },
          "accountRoute": { "@id": "urn:solid-server:default:AccountIdRoute" },
          "source": { "@id": "urn:solid-server:default:JsonConversionHandler" }
        }
      ]
    },
    {
      "comment": "Convert incoming requests to JSON operations.",
      "@id": "urn:solid-server:default:JsonConversionHandler",
      "@type": "JsonConversionHandler",
      "source": { "@id": "urn:solid-server:default:VersionHandler" },
      "converter": { "@id": "urn:solid-server:default:RepresentationConverter" }
    },
    {
      "comment": "Adds the API version to the JSON response.",
      "@id": "urn:solid-server:default:VersionHandler",
      "@type": "VersionHandler",
      "source" : { "@id": "urn:solid-server:default:CookieInteractionHandler" }
    },
    {
      "comment": "Updates the cookie values as necessary.",
      "@id": "urn:solid-server:default:CookieInteractionHandler",
      "@type": "CookieInteractionHandler",
      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
      "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
      "source": { "@id": "urn:solid-server:default:RootControlHandler" }
    },
    {
      "comment": "Adds controls to the JSON response.",
      "@id": "urn:solid-server:default:RootControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "controls",
        "ControlHandler:_controls_value": {
          "comment": "The main controls object. All other controls should be added to this one.",
          "@id": "urn:solid-server:default:ControlHandler",
          "@type": "ControlHandler",
          "controls": []
        }
      }],
      "source" : { "@id": "urn:solid-server:default:LocationInteractionHandler" }
    },
    {
      "comment": "Converts 3xx redirects to 200 JSON responses for consumption by browser scripts.",
      "@id": "urn:solid-server:default:LocationInteractionHandler",
      "@type": "LocationInteractionHandler",
      "source" : { "@id": "urn:solid-server:default:InteractionRouteHandler" }
    },
    {
      "comment": "Contains all JsonInteractionHandlers that can potentially handle the input request.",
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": []
    }
  ]
 }
--- a/config/identity/interaction/routing/oidc/cancel.json
+++ b/config/identity/interaction/routing/oidc/cancel.json
@ -0,0 +1,44 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Allows users to cancel an OIDC interaction, bringing them back to the original client.",
      "@id": "urn:solid-server:default:OidcCancelRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:OidcCancelRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:OidcRoute" },
        "relativePath": "cancel/"
      },
      "source": {
        "@id": "urn:solid-server:default:CancelOidcHandler",
        "@type": "WaterfallHandler",
        "handlers": [
          {
            "@type": "MethodFilterHandler",
            "methods": [ "POST" ],
            "source": { "@type": "CancelOidcHandler" }
          }
        ]
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:OidcCancelRouter" }]
    },
    {
      "@id": "urn:solid-server:default:OidcControlHandler",
      "@type": "OidcControlHandler",
      "controls": [
        {
          "OidcControlHandler:_controls_key": "cancel",
          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcCancelRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/oidc/consent.json
+++ b/config/identity/interaction/routing/oidc/consent.json
@ -0,0 +1,66 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the interaction that occurs when a logged in user wants to authenticate with a new app.",
      "@id": "urn:solid-server:default:OidcConsentRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:OidcConsentRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:OidcRoute" },
        "relativePath": "consent/"
      },
      "source": {
        "@id": "urn:solid-server:default:ConsentHandler",
        "@type": "WaterfallHandler",
        "handlers": [
          {
            "@type": "MethodFilterHandler",
            "methods": [ "GET" ],
            "source": {
              "@type": "ClientInfoHandler",
              "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
            }
          },
          {
            "@type": "MethodFilterHandler",
            "methods": [ "POST" ],
            "source": {
              "@type": "ConsentHandler",
              "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
            }
          }
        ]
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:OidcConsentRouter" }]
    },
    {
      "@id": "urn:solid-server:default:OidcControlHandler",
      "@type": "OidcControlHandler",
      "controls": [
        {
          "OidcControlHandler:_controls_key": "consent",
          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcConsentRoute" }
        }
      ]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:OidcConsentHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/oidc/consent.html.ejs",
        "route": { "@id": "urn:solid-server:default:OidcConsentRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/oidc/forget-webid.json
+++ b/config/identity/interaction/routing/oidc/forget-webid.json
@ -0,0 +1,47 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Allows the picked WebID to be forgotten in an OIDC interaction so the user can pick again.",
      "@id": "urn:solid-server:default:OidcForgetWebIdRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:OidcForgetWebIDRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:OidcRoute" },
        "relativePath": "forget-webid/"
      },
      "source": {
        "@id": "urn:solid-server:default:ForgetWebIdHandler",
        "@type": "WaterfallHandler",
        "handlers": [
          {
            "@type": "MethodFilterHandler",
            "methods": [ "POST" ],
            "source": {
              "@type": "ForgetWebIdHandler",
              "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
            }
          }
        ]
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:OidcForgetWebIdRouter" }]
    },
    {
      "@id": "urn:solid-server:default:OidcControlHandler",
      "@type": "OidcControlHandler",
      "controls": [
        {
          "OidcControlHandler:_controls_key": "forgetWebId",
          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcForgetWebIDRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/oidc/main.json
+++ b/config/identity/interaction/routing/oidc/main.json
@ -0,0 +1,35 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/oidc/cancel.json",
    "css:config/identity/interaction/routing/oidc/consent.json",
    "css:config/identity/interaction/routing/oidc/forget-webid.json",
    "css:config/identity/interaction/routing/oidc/prompt.json",
    "css:config/identity/interaction/routing/oidc/pick-webid.json"
  ],
  "@graph": [
    {
      "comment": "Main OIDC route others can extend.",
      "@id": "urn:solid-server:default:OidcRoute",
      "@type": "RelativePathInteractionRoute",
      "base": { "@id": "urn:solid-server:default:IndexRoute" },
      "relativePath": "oidc/"
    },
    {
      "@id": "urn:solid-server:default:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "oidc",
          "ControlHandler:_controls_value": {
            "comment": "Contains all OIDC controls.",
            "@id": "urn:solid-server:default:OidcControlHandler",
            "@type": "OidcControlHandler",
            "controls": []
          }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/oidc/pick-webid.json
+++ b/config/identity/interaction/routing/oidc/pick-webid.json
@ -0,0 +1,44 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles picking a WebID during an OIDC interaction.",
      "@id": "urn:solid-server:default:OidcPickWebIdRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:OidcPickWebIdRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:OidcRoute" },
        "relativePath": "pick-webid/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@type": "PickWebIdHandler",
          "@id": "urn:solid-server:default:PickWebIdHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "providerFactory": { "@id": "urn:solid-server:default:IdentityProviderFactory" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        { "@id": "urn:solid-server:default:OidcPickWebIdRouter" }
      ]
    },
    {
      "@id": "urn:solid-server:default:OidcControlHandler",
      "@type": "OidcControlHandler",
      "controls": [
        {
          "OidcControlHandler:_controls_key": "webId",
          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcPickWebIdRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/oidc/prompt.json
+++ b/config/identity/interaction/routing/oidc/prompt.json
@ -0,0 +1,51 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the interaction that occurs when a logged in user wants to authenticate with a new app.",
      "@id": "urn:solid-server:default:OidcPromptRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:OidcPromptRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:OidcRoute" },
        "relativePath": "prompt/"
      },
      "source": {
        "@id": "urn:solid-server:default:PromptHandler",
        "@type": "PromptHandler",
        "promptRoutes": [
          {
            "PromptHandler:_promptRoutes_key": "account",
            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:default:LoginRoute" }
          },
          {
            "PromptHandler:_promptRoutes_key": "login",
            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:default:OidcConsentRoute" }
          },
          {
            "PromptHandler:_promptRoutes_key": "consent",
            "PromptHandler:_promptRoutes_value": { "@id": "urn:solid-server:default:OidcConsentRoute" }
          }
        ]
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:OidcPromptRouter" }]
    },
    {
      "@id": "urn:solid-server:default:OidcControlHandler",
      "@type": "OidcControlHandler",
      "controls": [
        {
          "OidcControlHandler:_controls_key": "prompt",
          "OidcControlHandler:_controls_value": { "@id": "urn:solid-server:default:OidcPromptRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/password/create.json
+++ b/config/identity/interaction/routing/password/create.json
@ -0,0 +1,62 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Allows adding the email/password login method to an account",
      "@id": "urn:solid-server:default:AccountPasswordRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountPasswordRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:AccountLoginRoute" },
        "relativePath": "password/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:CreatePasswordHandler",
          "@type": "CreatePasswordHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
          "passwordRoute": { "@id": "urn:solid-server:default:AccountPasswordIdRoute" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountPasswordRouter" }]
    },
    {
      "@id": "urn:solid-server:default:PasswordControlHandler",
      "@type": "ControlHandler",
      "controls": [{
          "ControlHandler:_controls_key": "create",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
          "@id": "urn:solid-server:default:CreatePasswordHtml",
          "@type": "HtmlViewEntry",
          "filePath": "@css:templates/identity/password/create.html.ejs",
          "route": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
      }]
    },
    {
      "ControlHandler:_controls_value": {
        "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
        "@type": "ControlHandler",
        "controls": [{
          "ControlHandler:_controls_key": "create",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
        }]
      }
    }
  ]
 }
--- a/config/identity/interaction/routing/password/forgot.json
+++ b/config/identity/interaction/routing/password/forgot.json
@ -0,0 +1,68 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the forgot password interaction.",
      "@id": "urn:solid-server:default:ForgotPasswordRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:ForgotPasswordRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:LoginPasswordRoute" },
        "relativePath": "forgot/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:ForgotPasswordHandler",
          "@type": "ForgotPasswordHandler",
          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
          "forgotPasswordStore": { "@id": "urn:solid-server:default:ForgotPasswordStore" },
          "templateEngine": {
            "@type": "StaticTemplateEngine",
            "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
            "template": "@css:templates/identity/password/reset-email.html.ejs"
          },
          "emailSender": { "@id": "urn:solid-server:default:EmailSender" },
          "resetRoute": { "@id": "urn:solid-server:default:ResetPasswordRoute" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:ForgotPasswordRouter" }]
    },
    {
      "@id": "urn:solid-server:default:PasswordControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "forgot",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:ForgotPasswordRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:ForgotPasswordHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/password/forgot.html.ejs",
        "route": { "@id": "urn:solid-server:default:ForgotPasswordRoute" }
      }]
    },
    {
      "ControlHandler:_controls_value": {
        "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
        "@type": "ControlHandler",
        "controls": [{
            "ControlHandler:_controls_key": "forgot",
            "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:ForgotPasswordRoute" }
        }]
      }
    }
  ]
 }
--- a/config/identity/interaction/routing/password/login.json
+++ b/config/identity/interaction/routing/password/login.json
@ -0,0 +1,63 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the password login interaction.",
      "@id": "urn:solid-server:default:LoginPasswordRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:LoginPasswordRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:LoginRoute" },
        "relativePath": "password/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:PasswordLoginHandler",
          "@type": "PasswordLoginHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
          "cookieStore": { "@id": "urn:solid-server:default:CookieStore" },
          "accountRoute": { "@id": "urn:solid-server:default:AccountIdRoute" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:LoginPasswordRouter" }]
    },
    {
      "@id": "urn:solid-server:default:PasswordControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "login",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:PasswordLoginHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/password/login.html.ejs",
        "route": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
      }]
    },
    {
      "ControlHandler:_controls_value": {
        "@id": "urn:solid-server:default:PasswordHtmlControlHandler",
        "@type": "ControlHandler",
        "controls": [{
          "ControlHandler:_controls_key": "login",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:LoginPasswordRoute" }
        }]
      }
    }
  ]
 }
--- a/config/identity/interaction/routing/password/main.json
+++ b/config/identity/interaction/routing/password/main.json
@ -0,0 +1,11 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/interaction/routing/password/create.json",
    "css:config/identity/interaction/routing/password/forgot.json",
    "css:config/identity/interaction/routing/password/login.json",
    "css:config/identity/interaction/routing/password/reset.json",
    "css:config/identity/interaction/routing/password/resource.json"
  ],
  "@graph": []
 }
--- a/config/identity/interaction/routing/password/reset.json
+++ b/config/identity/interaction/routing/password/reset.json
@ -0,0 +1,51 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the reset password interaction.",
      "@id": "urn:solid-server:default:ResetPasswordRouter",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:ResetPasswordRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:LoginPasswordRoute" },
        "relativePath": "reset/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:ResetPasswordHandler",
          "@type": "ResetPasswordHandler",
          "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" },
          "forgotPasswordStore": { "@id": "urn:solid-server:default:ForgotPasswordStore" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:ResetPasswordRouter" }]
    },
    {
      "@id": "urn:solid-server:default:PasswordControlHandler",
      "@type": "ControlHandler",
      "controls": [{
        "ControlHandler:_controls_key": "reset",
        "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:ResetPasswordRoute" }
      }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:ResetPasswordHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/password/reset.html.ejs",
        "route": { "@id": "urn:solid-server:default:ResetPasswordRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/password/resource.json
+++ b/config/identity/interaction/routing/password/resource.json
@ -0,0 +1,55 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the password link details such as update and delete.",
      "@id": "urn:solid-server:default:AccountPasswordIdRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountPasswordIdRoute",
        "@type": "BasePasswordIdRoute",
        "base": { "@id": "urn:solid-server:default:AccountPasswordRoute" }
      },
      "source": {
        "@id": "urn:solid-server:default:PasswordResourceHandler",
        "@type": "WaterfallHandler",
        "handlers": [
          {
            "@type": "ViewInteractionHandler",
            "source": {
              "@type": "UpdatePasswordHandler",
              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
              "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" }
            }
          },
          {
            "@type": "MethodFilterHandler",
            "methods": [ "DELETE" ],
            "source": {
              "@type": "DeletePasswordHandler",
              "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
              "passwordStore": { "@id": "urn:solid-server:default:PasswordStore" }
            }
          }
        ]
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [{ "@id": "urn:solid-server:default:AccountPasswordIdRouter" }]
    },
    {
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [{
        "@id": "urn:solid-server:default:UpdatePasswordHtml",
        "@type": "HtmlViewEntry",
        "filePath": "@css:templates/identity/password/update.html.ejs",
        "route": { "@id": "urn:solid-server:default:AccountPasswordIdRoute" }
      }]
    }
  ]
 }
--- a/config/identity/interaction/routing/pod/create.json
+++ b/config/identity/interaction/routing/pod/create.json
@ -0,0 +1,30 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles pod creation.",
      "@id": "urn:solid-server:default:AccountPodRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountPodRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
        "relativePath": "pod/"
      },
      "source": {
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:CreatePodHandler",
          "@type": "CreatePodHandler",
          "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
          "identifierGenerator": { "@id": "urn:solid-server:default:IdentifierGenerator" },
          "relativeWebIdPath": "/profile/card#me",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
          "podStore": { "@id": "urn:solid-server:default:PodStore" },
          "allowRoot": false
        }
      }
    }
  ]
 }
--- a/config/identity/interaction/routing/pod/resource.json
+++ b/config/identity/interaction/routing/pod/resource.json
@ -0,0 +1,11 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "This route is only used when creating new pod resources as no further interactions are supported.",
      "@id": "urn:solid-server:default:AccountPodIdRoute",
      "@type": "BasePodIdRoute",
      "base": { "@id": "urn:solid-server:default:AccountPodRoute" }
    }
  ]
 }
--- a/config/identity/interaction/routing/views/html.json
+++ b/config/identity/interaction/routing/views/html.json
@ -0,0 +1,45 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Returns HTML pages if the URL matches and HTML is preferred.",
      "@id": "urn:solid-server:default:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "index": { "@id": "urn:solid-server:default:IndexRoute" },
      "templateEngine": {
        "comment": "Renders the specific page and embeds it into the main HTML body.",
        "@type": "ChainedTemplateEngine",
        "renderedName": "htmlBody",
        "engines": [
          {
            "comment": "Will be called with specific templates to generate HTML snippets.",
            "@id": "urn:solid-server:default:TemplateEngine"
          },
          {
            "comment": "Will embed the result of the first engine into the main HTML template.",
            "@type": "StaticTemplateEngine",
            "templateEngine": { "@id": "urn:solid-server:default:TemplateEngine" },
            "template": "@css:templates/main.html.ejs"
          }
        ]
      },
      "templates": []
    },
    {
      "@id": "urn:solid-server:default:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "html",
          "ControlHandler:_controls_value": {
            "comment": "Controls linking to HTML pages. These can be the same URLs as the JSON APIs, but can also be different.",
            "@id": "urn:solid-server:default:HtmlControlHandler",
            "@type": "ControlHandler",
            "controls": []
          }
        }
      ]
    }
  ]
 }
--- a/config/identity/interaction/routing/webid/link.json
+++ b/config/identity/interaction/routing/webid/link.json
@ -0,0 +1,29 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles linking a WebID to an account",
      "@id": "urn:solid-server:default:AccountWebIdRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountWebIdRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
        "relativePath": "webid/"
      },
      "source": {
        "@id": "urn:solid-server:default:WebIdHandler",
        "@type": "ViewInteractionHandler",
        "source": {
          "@id": "urn:solid-server:default:LinkWebIdHandler",
          "@type": "LinkWebIdHandler",
          "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
          "ownershipValidator": { "@id": "urn:solid-server:default:OwnershipValidator" },
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
          "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
        }
      }
    }
  ]
 }
--- a/config/identity/interaction/routing/webid/resource.json
+++ b/config/identity/interaction/routing/webid/resource.json
@ -0,0 +1,33 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the WebID link details such as deletion.",
      "@id": "urn:solid-server:default:AccountWebIdLinkRouter",
      "@type": "AuthorizedRouteHandler",
      "route": {
        "@id": "urn:solid-server:default:AccountWebIdLinkRoute",
        "@type": "BaseWebIdLinkRoute",
        "base": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
      },
      "source": {
        "@id": "urn:solid-server:default:WebIdLinkHandler",
        "@type": "MethodFilterHandler",
        "methods": [ "DELETE" ],
        "source": {
          "@type": "UnlinkWebIdHandler",
          "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
          "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" }
        }
      }
    },
    {
      "@id": "urn:solid-server:default:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        { "@id": "urn:solid-server:default:AccountWebIdLinkRouter" }
      ]
    }
  ]
 }
--- a/config/identity/ownership/token.json
+++ b/config/identity/ownership/token.json
@ -3,7 +3,7 @@
  "@graph": [
    {
      "comment": "Determines WebID ownership by requesting a specific value to be added to the WebID document",
-      "@id": "urn:solid-server:auth:password:OwnershipValidator",
+      "@id": "urn:solid-server:default:OwnershipValidator",
      "@type": "TokenOwnershipValidator",
      "storage": { "@id": "urn:solid-server:default:ExpiringTokenStorage" }
    },
--- a/config/identity/ownership/unsafe-no-check.json
+++ b/config/identity/ownership/unsafe-no-check.json
@ -6,7 +6,7 @@
        "DO NOT USE IN PRODUCTION. ONLY FOR DEVELOPMENT, TESTING, OR DEBUGGING.",
        "Do no verification to determine WebID ownership."
      ],
-      "@id": "urn:solid-server:auth:password:OwnershipValidator",
+      "@id": "urn:solid-server:default:OwnershipValidator",
      "@type": "NoCheckOwnershipValidator"
    }
  ]
--- a/config/identity/registration/disabled.json
+++ b/config/identity/registration/disabled.json
@ -1,8 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Disable registration by not attaching a registration handler."
    }
  ]
 }
--- a/config/identity/registration/enabled.json
+++ b/config/identity/registration/enabled.json
@ -1,35 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/identity/registration/route/registration.json"
  ],
  "@graph": [
    {
      "@id": "urn:solid-server:auth:password:InteractionRouteHandler",
      "@type": "WaterfallHandler",
      "handlers": [
        { "@id": "urn:solid-server:auth:password:RegistrationRouteHandler" }
      ]
    },
    {
      "@id": "urn:solid-server:auth:password:ControlHandler",
      "@type": "ControlHandler",
      "controls": [
        {
          "ControlHandler:_controls_key": "register",
          "ControlHandler:_controls_value": { "@id": "urn:solid-server:auth:password:RegistrationRoute" }
        }
      ]
    },
    {
      "@id": "urn:solid-server:auth:password:HtmlViewHandler",
      "@type": "HtmlViewHandler",
      "templates": [
        {
          "HtmlViewHandler:_templates_key": "@css:templates/identity/email-password/register.html.ejs",
          "HtmlViewHandler:_templates_value": { "@id": "urn:solid-server:auth:password:RegistrationRoute" }
        }
      ]
    }
  ]
 }
--- a/config/identity/registration/route/registration.json
+++ b/config/identity/registration/route/registration.json
@ -1,29 +0,0 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Handles the register interaction",
      "@id": "urn:solid-server:auth:password:RegistrationRouteHandler",
      "@type": "InteractionRouteHandler",
      "route": {
        "@id": "urn:solid-server:auth:password:RegistrationRoute",
        "@type": "RelativePathInteractionRoute",
        "base": { "@id": "urn:solid-server:auth:password:IndexRoute" },
        "relativePath": "/register/"
      },
      "source": {
        "@id": "urn:solid-server:auth:password:RegistrationHandler",
        "@type": "RegistrationHandler",
        "registrationManager": {
          "@type": "RegistrationManager",
          "args_baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
          "args_webIdSuffix": "/profile/card#me",
          "args_identifierGenerator": { "@id": "urn:solid-server:default:IdentifierGenerator" },
          "args_ownershipValidator": { "@id": "urn:solid-server:auth:password:OwnershipValidator" },
          "args_accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
          "args_podManager": { "@id": "urn:solid-server:default:PodManager" }
        }
      }
    }
  ]
 }
--- a/config/ldp/authorization/readers/ownership.json
+++ b/config/ldp/authorization/readers/ownership.json
@ -5,7 +5,8 @@
      "comment": "Allows pod owners to always edit permissions on the data.",
      "@id": "urn:solid-server:default:OwnerPermissionReader",
      "@type": "OwnerPermissionReader",
-      "accountStore": { "@id": "urn:solid-server:auth:password:AccountStore" },
+      "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
      "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
      "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
    }
  ]
--- a/config/ldp/metadata-parser/default.json
+++ b/config/ldp/metadata-parser/default.json
@ -1,7 +1,9 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/ldp/metadata-parser/parsers/authorization.json",
    "css:config/ldp/metadata-parser/parsers/content-type.json",
    "css:config/ldp/metadata-parser/parsers/cookie.json",
    "css:config/ldp/metadata-parser/parsers/link.json",
    "css:config/ldp/metadata-parser/parsers/plain-json-ld-filter.json",
    "css:config/ldp/metadata-parser/parsers/slug.json"
@ -12,6 +14,8 @@
      "@id": "urn:solid-server:default:MetadataParser",
      "@type": "ParallelHandler",
      "handlers": [
        { "@id": "urn:solid-server:default:AuthorizationParser" },
        { "@id": "urn:solid-server:default:CookieParser" },
        { "@id": "urn:solid-server:default:ContentTypeParser" },
        { "@id": "urn:solid-server:default:LinkRelParser" },
        { "@id": "urn:solid-server:default:PlainJsonLdFilter" },
--- a/config/ldp/metadata-parser/parsers/authorization.json
+++ b/config/ldp/metadata-parser/parsers/authorization.json
@ -0,0 +1,16 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Converts the authorization header into RDF metadata",
      "@id": "urn:solid-server:default:AuthorizationParser",
      "@type": "AuthorizationParser",
      "authMap": [
        {
          "AuthorizationParser:_authMap_key": "CSS-Account-Cookie",
          "AuthorizationParser:_authMap_value": "urn:npm:solid:community-server:http:accountCookie"
        }
      ]
    }
  ]
 }
--- a/config/ldp/metadata-parser/parsers/cookie.json
+++ b/config/ldp/metadata-parser/parsers/cookie.json
@ -0,0 +1,21 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "The name of the cookie to identify being logged in with a CSS account.",
      "@id": "urn:solid-server:default:value:accountCookieName",
      "valueRaw": "css-account"
    },
    {
      "comment": "Converts cookies into RDF metadata.",
      "@id": "urn:solid-server:default:CookieParser",
      "@type": "CookieParser",
      "cookieMap": [
        {
          "CookieParser:_cookieMap_key": { "@id": "urn:solid-server:default:value:accountCookieName" },
          "CookieParser:_cookieMap_value": "urn:npm:solid:community-server:http:accountCookie",
        }
      ]
    }
  ]
 }
--- a/config/ldp/metadata-writer/default.json
+++ b/config/ldp/metadata-writer/default.json
@ -3,6 +3,7 @@
  "import": [
    "css:config/ldp/metadata-writer/writers/allow-accept.json",
    "css:config/ldp/metadata-writer/writers/content-type.json",
    "css:config/ldp/metadata-writer/writers/cookie.json",
    "css:config/ldp/metadata-writer/writers/link-rel.json",
    "css:config/ldp/metadata-writer/writers/link-rel-metadata.json",
    "css:config/ldp/metadata-writer/writers/mapped.json",
@ -21,6 +22,7 @@
        { "@id": "urn:solid-server:default:MetadataWriter_ContentType" },
        { "@id": "urn:solid-server:default:MetadataWriter_LinkRel" },
        { "@id": "urn:solid-server:default:MetadataWriter_LinkRelMetadata" },
        { "@id": "urn:solid-server:default:MetadataWriter_Cookie" },
        { "@id": "urn:solid-server:default:MetadataWriter_Mapped" },
        { "@id": "urn:solid-server:default:MetadataWriter_Modified" },
        { "@id": "urn:solid-server:default:MetadataWriter_Range" },
--- a/config/ldp/metadata-writer/writers/cookie.json
+++ b/config/ldp/metadata-writer/writers/cookie.json
@ -0,0 +1,17 @@
 {
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "Converts all triples with the given predicates to cookies.",
      "@id": "urn:solid-server:default:MetadataWriter_Cookie",
      "@type": "CookieMetadataWriter",
      "cookieMap": [
        {
          "CookieMetadataWriter:_cookieMap_key": "urn:npm:solid:community-server:http:accountCookie",
          "CookieMetadataWriter:_name": { "@id": "urn:solid-server:default:value:accountCookieName" },
          "CookieMetadataWriter:_expirationUri": "urn:npm:solid:community-server:http:accountCookieExpiration"
        }
      ]
    }
  ]
 }
--- a/config/memory-subdomains.json
+++ b/config/memory-subdomains.json
@ -2,7 +2,7 @@
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^6.0.0/components/context.jsonld",
  "import": [
    "css:config/app/main/default.json",
-    "css:config/app/init/initialize-root.json",
+    "css:config/app/init/static-root.json",
    "css:config/app/variables/default.json",
    "css:config/http/handler/default.json",
    "css:config/http/middleware/default.json",
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/path-routing.json
+++ b/config/path-routing.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/no-accounts.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/disabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/quota-file.json
+++ b/config/quota-file.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/restrict-idp.json
+++ b/config/restrict-idp.json
@ -12,9 +12,9 @@
    "css:config/identity/access/restricted.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/sparql-endpoint-root.json
+++ b/config/sparql-endpoint-root.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/no-accounts.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/disabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/sparql-endpoint.json
+++ b/config/sparql-endpoint.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/sparql-file-storage.json
+++ b/config/sparql-file-storage.json
@ -12,9 +12,9 @@
    "css:config/identity/access/public.json",
    "css:config/identity/email/default.json",
    "css:config/identity/handler/default.json",
    "css:config/identity/interaction/default.json",
    "css:config/identity/ownership/token.json",
    "css:config/identity/pod/static.json",
    "css:config/identity/registration/enabled.json",
    "css:config/ldp/authentication/dpop-bearer.json",
    "css:config/ldp/authorization/webacl.json",
    "css:config/ldp/handler/default.json",
--- a/config/util/variables/default.json
+++ b/config/util/variables/default.json
@ -44,7 +44,7 @@
    },
    {
      "comment": "Path to the JSON file used to seed pods.",
-      "@id": "urn:solid-server:default:variable:seededPodConfigJson",
+      "@id": "urn:solid-server:default:variable:seedConfig",
      "@type": "Variable"
    },
    {
--- a/documentation/markdown/README.md
+++ b/documentation/markdown/README.md
@ -32,7 +32,7 @@ the [changelog](https://github.com/CommunitySolidServer/CommunitySolidServer/blo
 * [Quickly starting the server](usage/starting-server.md)
 * [Basic example HTTP requests](usage/example-requests.md)
 * [Editing the metadata of a resource](usage/metadata.md)
-* [How to use the Identity Provider](usage/identity-provider.md)
+* [How to use the Identity Provider and accounts](usage/identity-provider.md)
 * [How to automate authentication](usage/client-credentials.md)
 * [How to automatically seed pods on startup](usage/seeding-pods.md)
 * [Receiving notifications when resources change](usage/notifications.md)
--- a/documentation/markdown/architecture/features/accounts/controls.md
+++ b/documentation/markdown/architecture/features/accounts/controls.md
@ -0,0 +1,27 @@
 # JSON API controls
 A large part of every response of the JSON API is the `controls` block.
 These are generated by using nested `ControlHandler` objects.
 These take as input a key/value with the values being either routes or other interaction handlers.
 These will then be executed to determine the values of the output JSON object, with the same keys.
 By using other `ControlHandler`s in the input map, we can create nested objects.
 The default structure of these handlers is as follows:
 ```mermaid
 flowchart LR
  RootControlHandler("<strong>RootControlHandler</strong><br>ControlHandler")
  RootControlHandler --controls--> ControlHandler("<strong>ControlHandler</strong><br>ControlHandler")
  ControlHandler --main--> MainControlHandler("<strong>MainControlHandler</strong><br>ControlHandler")
  ControlHandler --account--> AccountControlHandler("<strong>AccountControlHandler</strong><br>ControlHandler")
  ControlHandler --password--> PasswordControlHandler("<strong>PasswordControlHandler</strong><br>ControlHandler")
  ControlHandler --"oidc"--> OidcControlHandler("<strong>OidcControlHandler</strong><br>OidcControlHandler")
  ControlHandler --html--> HtmlControlHandler("<strong>HtmlControlHandler</strong><br>ControlHandler")
  HtmlControlHandler --main--> MainHtmlControlHandler("<strong>MainHtmlControlHandler</strong><br>ControlHandler")
  HtmlControlHandler --account--> AccountHtmlControlHandler("<strong>AccountHtmlControlHandler</strong><br>ControlHandler")
  HtmlControlHandler --password--> PasswordHtmlControlHandler("<strong>PasswordHtmlControlHandler</strong><br>ControlHandler")
 ```
 Each of these control handlers then has a map of routes which link to the actual API endpoints.
 How to add these can be seen [here](routes.md#adding-the-necessary-controls).
--- a/documentation/markdown/architecture/features/accounts/overview.md
+++ b/documentation/markdown/architecture/features/accounts/overview.md
@ -0,0 +1,58 @@
 # Account management
 The main entry point is the `IdentityProviderHandler`,
 which routes all requests targeting a resource starting with `/.account/` into this handler,
 after which it goes through similar parsing handlers as described [here](../protocol/overview.md),
 the flow of which is shown below:
 ```mermaid
 flowchart LR
  Handler("<strong>IdentityProviderHandler</strong><br>RouterHandler")
  ParsingHandler("<strong>IdentityProviderParsingHandler</strong><br>AuthorizingHttpHandler")
  AuthorizingHandler("<strong>IdentityProviderAuthorizingHandler</strong><br>AuthorizingHttpHandler")
  Handler --> ParsingHandler
  ParsingHandler --> AuthorizingHandler
  AuthorizingHandler --> HttpHandler("<strong>IdentityProviderHttpHandler</strong><br>IdentityProviderHttpHandler")
 ```
 The `IdentityProviderHttpHandler` is where the actual differentiation of this component starts.
 It handles identifying the account based on the supplied cookie and determining the active OIDC interaction,
 after which it calls an `InteractionHandler` with this additional input.
 The `InteractionHandler` is many handlers chained together as follows:
 ```mermaid
 flowchart TD
  HttpHandler("<strong>IdentityProviderHttpHandler</strong><br>IdentityProviderHttpHandler")
  HttpHandler --> InteractionHandler("<strong>InteractionHandler</strong><br>WaterfallHandler")
  InteractionHandler --> InteractionHandlerArgs
  subgraph InteractionHandlerArgs[" "]
    HtmlViewHandler("<strong>HtmlViewHandler</strong><br>HtmlViewHandler")
    LockingInteractionHandler("<strong>LockingInteractionHandler</strong><br>LockingInteractionHandler")
  end
  LockingInteractionHandler --> JsonConversionHandler("<strong>JsonConversionHandler</strong><br>JsonConversionHandler")
  JsonConversionHandler --> VersionHandler("<strong>VersionHandler</strong><br>VersionHandler")
  VersionHandler --> CookieInteractionHandler("<strong>CookieInteractionHandler</strong><br>CookieInteractionHandler")
  CookieInteractionHandler --> RootControlHandler("<strong>RootControlHandler</strong><br>ControlHandler")
  RootControlHandler --> LocationInteractionHandler("<strong>LocationInteractionHandler</strong><br>LocationInteractionHandler")
  LocationInteractionHandler --> InteractionRouteHandler("<strong>InteractionRouteHandler</strong><br>WaterfallHandler")
 ```
 The `HtmlViewHandler` catches all request that request an HTML output.
 This class keeps a list of HTML pages and their corresponding URL and returns them when needed.
 If the request is for the JSON API,
 the request goes through a chain of handlers, each responsible for a specific step in the API process.
 We'll list and summarize these here:
 * `LockingInteractionHandler`: In case the request is authenticated,
  this requests a lock on that account to prevent simultaneous operations on the same account.
 * `JsonConversionHandler`: Converts the streaming input into a JSON object.
 * `VersionHandler`: Adds a version number to all output.
 * `CookieInteractionHandler`: Refreshes the cookie if necessary and adds relevant cookie metadata to the output.
 * `RootControlHandler`: Responsible for adding all the [controls](controls.md) to the output.
  Will take as input multiple other control handlers which create the nested values in the `controls` field.
 * `LocationInteractionHandler`: Catches redirect errors and converts them to JSON objects with a `location` field.
 * `InteractionRouteHandler`: A `WaterfallHandler` containing an entry for every supported API [route](routes.md).
--- a/documentation/markdown/architecture/features/accounts/routes.md
+++ b/documentation/markdown/architecture/features/accounts/routes.md
@ -0,0 +1,126 @@
 # Account API routes
 All entries contained in the `urn:solid-server:default:InteractionRouteHandler` have a similar structure:
 an `InteractionRouteHandler`, or `AuthorizedRouteHandler` for authenticated requests,
 which checks if the request targets a specific URL
 and redirects the request to its source if there is a match.
 Its source is quite often a `ViewInteractionHandler`,
 which returns a specific view on GET requests and performs an operation on POST requests,
 but other handlers can also occur.
 Below we will give an example of one API route and all the components that are necessary to add it to the server.
 ## Route handler
 ```json
 {
  "@id": "urn:solid-server:default:AccountWebIdRouter",
  "@type": "AuthorizedRouteHandler",
  "route": {
    "@id": "urn:solid-server:default:AccountWebIdRoute",
    "@type": "RelativePathInteractionRoute",
    "base": { "@id": "urn:solid-server:default:AccountIdRoute" },
    "relativePath": "webid/"
  },
  "source": { "@id": "urn:solid-server:default:WebIdHandler" }
 }
 ```
 The main entry point is the route handler,
 which determines the URL necessary to reach this API.
 In this case we create a new route, relative to the `urn:solid-server:default:AccountIdRoute`.
 That route specifically matches URLs of the format `http://localhost:3000/.account/account/<accountId>/`.
 Here we create a route relative to that one by appending `webid`,
 so the resulting route would match `http://localhost:3000/.account/account/<accountId>/webid/`.
 Since an `AuthorizedRouteHandler` is used here,
 the request also needs to be authenticated using an account cookie.
 If there is match, the request will be sent to the `urn:solid-server:default:WebIdHandler`.
 ## Interaction handler
 ```json
 {
  "@id": "urn:solid-server:default:WebIdHandler",
  "@type": "ViewInteractionHandler",
  "source": {
    "@id": "urn:solid-server:default:LinkWebIdHandler",
    "@type": "LinkWebIdHandler",
    "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
    "ownershipValidator": { "@id": "urn:solid-server:default:OwnershipValidator" },
    "accountStore": { "@id": "urn:solid-server:default:AccountStore" },
    "webIdStore": { "@id": "urn:solid-server:default:WebIdStore" },
    "identifierStrategy": { "@id": "urn:solid-server:default:IdentifierStrategy" }
  }
 }
 ```
 The interaction handler is the class that performs the necessary operation based on the request.
 Often these are wrapped in a `ViewInteractionHandler`,
 which allows classes to have different support for GET and POST requests.
 ## Exposing the API
 ```json
 {
  "@id": "urn:solid-server:default:InteractionRouteHandler",
  "@type": "WaterfallHandler",
  "handlers": [
    { "@id": "urn:solid-server:default:AccountWebIdRouter" }
  ]
 }
 ```
 To make sure the API can be accessed,
 it needs to be added to the list of `urn:solid-server:default:InteractionRouteHandler`.
 This is the main handler that contains entries for all the APIs.
 This block of Components.js adds the route handler defined above to that list.
 ## Adding the necessary controls
 ```json
 {
  "@id": "urn:solid-server:default:AccountControlHandler",
  "@type": "ControlHandler",
  "controls": [{
    "ControlHandler:_controls_key": "webId",
    "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
  }]
 }
 ```
 To make sure people can find the API,
 it is necessary to link it through the associated `controls` object.
 This API is related to account management,
 so we add its route in the account controls with the key `webId`.
 More information about controls can be found [here](controls.md).
 ## Adding HTML
 ```json
 {
  "@id": "urn:solid-server:default:HtmlViewHandler",
  "@type": "HtmlViewHandler",
  "templates": [{
    "@id": "urn:solid-server:default:LinkWebIdHtml",
    "@type": "HtmlViewEntry",
    "filePath": "@css:templates/identity/account/link-webid.html.ejs",
    "route": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
  }]
 }
 ```
 Some API routes also have an associated HTML page,
 in which case the page needs to be added to the `urn:solid-server:default:HtmlViewHandler`,
 which is what we do here.
 Usually you will also want to add HTML controls so the page can be found.
 ```json
 {
  "@id": "urn:solid-server:default:AccountHtmlControlHandler",
  "@type": "ControlHandler",
  "controls": [{
    "ControlHandler:_controls_key": "linkWebId",
    "ControlHandler:_controls_value": { "@id": "urn:solid-server:default:AccountWebIdRoute" }
  }]
 }
 ```
--- a/documentation/markdown/architecture/features/http-handler.md
+++ b/documentation/markdown/architecture/features/http-handler.md
@ -88,8 +88,9 @@ More on this can be found in the [identity provider](../../../usage/identity-pro
 The `urn:solid-server:default:IdentityProviderHttpHandler` handles everything
 related to our custom identity provider API, such as registering, logging in, returning the relevant HTML pages, etc.
-All these requests are identified by being on the `/idp/` subpath.
+All these requests are identified by being on the `/.account/` subpath.
 More information on the API can be found in the [identity provider](../../../usage/identity-provider) documentation
 The architectural overview can be found [here](accounts/overview.md).
 ## LdpHandler
--- a/documentation/markdown/architecture/features/protocol/overview.md
+++ b/documentation/markdown/architecture/features/protocol/overview.md
@ -10,7 +10,7 @@ Below is a simplified view of how these handlers are linked.
 ```mermaid
 flowchart LR
-  LdpHandler("<strong>LdpHandler</strong><br>ParsingHttphandler")
+  LdpHandler("<strong>LdpHandler</strong><br>ParsingHttpHandler")
  LdpHandler --> AuthorizingHttpHandler("<br>AuthorizingHttpHandler")
  AuthorizingHttpHandler --> OperationHandler("<strong>OperationHandler</strong><br><i>OperationHandler</i>")
  OperationHandler --> ResourceStore("<strong>ResourceStore</strong><br><i>ResourceStore</i>")
--- a/documentation/markdown/usage/account/json-api.md
+++ b/documentation/markdown/usage/account/json-api.md
@ -0,0 +1,281 @@
 # Account management JSON API
 Everything related to account management is done through a JSON API,
 of which we will describe all paths below.
 There are also HTML pages available to handle account management
 that use these APIs internally.
 Links to these can be found in the HTML controls
 All APIs expect JSON as input, and will return JSON objects as output.
 ## Finding API URLs
 All URLs below are relative to the index account API URL, which by default is `http://localhost:3000/.account/`.
 Every response of an API request will contain a `controls` object,
 containing all the URLs of the other API endpoints.
 It is generally advised to make use of these controls instead of hardcoding the URLs.
 Only the initial index URL needs to be known then to find the controls.
 Certain controls will be missing if those features are disabled in the configuration.
 ## API requests
 Many APIs require a POST request to perform an action.
 When doing a GET request on these APIs they will return an object describing what input is expected for the POST.
 ## Authorization
 After logging in, the API will return a `set-cookie` header.
 This cookie is necessary to have access to many of the APIs.
 When including this cookie, the controls object will also be extended with new URLs that are now accessible.
 When logging in, the response body JSON body will also contain a `cookie` field containing the cookie value.
 Instead of using cookies,
 this value can also be used in an `Authorization` header with auth scheme `CSS-Account-Cookie`
 to achieve the same result.
 The expiration time of this cookie will be refreshed
 every time there is a successful request to the server with that cookie.
 ## Redirecting
 As redirects through status codes 3xx can make working with JSON APIs more difficult,
 the API will never make use of this.
 Instead, if a redirect is required after an action,
 the response JSON object will return a `location` field.
 This is the next URL that should be fetched.
 This is mostly relevant in OIDC interactions as these cause the interaction to progress.
 ## Controls
 Below is an overview of all the keys in a controls object returned by the server,
 with all features enabled.
 An example of what such an object looks like can be found at the [bottom](#example) of the page.
 ### controls.main
 General controls that require no authentication.
 #### controls.main.index
 General entrypoint to the API.
 Returns an empty object, including the controls, on all GET requests.
 #### controls.main.logins
 Returns an overview of all login systems available on the server in `logins` object.
 Keys are a string description of the login system and values are links to their login pages.
 This can be used to let users choose how they want to log in.
 By default, the object only contains the email/password login system.
 ### controls.account
 All controls related to account management.
 All of these require authorization, except for the create action.
 #### controls.account.create
 Creates a new account on empty POST requests.
 The response contains the necessary cookie values to log and a `resource` field containing the URL of the account.
 This account can not be used until a login method has been added to it.
 All other interactions will fail until this is the case.
 See the [controls.password.create](#controlspasswordcreate) section below for more information on how to do this.
 This account will expire after some time if no login method is added.
 #### controls.account.logout
 Logs the account out on an empty POST request.
 Invalidates the cookie that was used.
 #### controls.account.webId
 POST requests link a WebID to the account,
 allowing the account to identify as that WebID during an OIDC authentication interaction.
 Expected input is an object containing a `webId` field.
 If the chosen WebID is contained within a Solid pod associated with this account,
 the request will succeed immediately.
 If not, an error will be thrown,
 asking the user to add a specific triple to the WebID to confirm that they are the owner.
 After this triple is added, a second request will be successful.
 #### controls.account.pod
 Creates a Solid pod for the account on POST requests.
 The only required field is `name`, which will determine the name of the pod.
 Additionally, a `settings` object can be sent along,
 the values of which will be sent to the templates used when generating the pod.
 If this `settings` object contains a `webId` field,
 that WebID will be the WebID that has initial access to the pod.
 If no WebID value is provided,
 a WebID will be generated in the pod and immediately linked to the account
 as described in [controls.account.webID](#controlsaccountwebid).
 This WebID will then be the WebID that has initial access.
 #### controls.account.clientCredentials
 Creates a client credentials token on POST requests.
 More information on these tokens can be found [here](../client-credentials.md).
 Expected input is an object containing a `name` and `webId` field.
 The name is optional and will be used to name the token,
 the WebID determines which WebID you will identify as when using that token.
 It needs to be a WebID linked to the account as described in [controls.account.webID](#controlsaccountwebid).
 #### controls.account.account
 This value corresponds to the resource URL of the account you received when creating it.
 This returns all resources linked to this account, such as login methods, WebIDs, pods, and client credentials tokens.
 Below is an example response object:
 ```json
 {
  "logins": {
    "password": {
      "test@example.com": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/login/password/test%40example.com/"
    }
  },
  "pods": {
    "http://localhost:3000/test/": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/pod/7def7830df1161e422537db594ad2b7412ffb735e0e2320cf3e90db19cd969f9/"
  },
  "webIds": {
    "http://localhost:3000/test/profile/card#me": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/webid/5c1b70d3ffaa840394dda86889ed1569cf897ef3d6041fb4c9513f82144cbb7f/"
  },
  "clientCredentials": {
    "token_562cdeb5-d4b2-4905-9e62-8969ac10daaa": "http://localhost:3000/.account/account/c63c9e6f-48f8-40d0-8fec-238da893a7f2/client-credentials/token_562cdeb5-d4b2-4905-9e62-8969ac10daaa/"
  },
  "settings": {}
 }
 ```
 In each of the sub-objects, the key is always the unique identifier of whatever is being described,
 while the value is the resource URL that can potentially be used to modify the resource.
 Removing an entry can be done by sending a DELETE request to the resource URL,
 except for pods, which cannot be deleted.
 Login methods can only be deleted if the account has at least 1 login method remaining afterwards.
 The password login resource URL can also be used to modify the password,
 which can be done by sending a POST request to it with the body containing an `oldPassword` and a `newPassword` field.
 ### controls.password
 Controls related to managing the email/password login method.
 #### controls.password.create
 POST requests create an email/password login and adds it to the account you are logged in as.
 Expects `email` and `password` fields.
 #### controls.password.login
 POST requests log a user in and return the relevant cookie values.
 Expected fields are `email`, `password`, and optionally a `remember` boolean.
 The `remember` value determines if the returned cookie is only valid for the session,
 or for a longer time.
 #### controls.password.forgot
 Can be used when a user forgets their password.
 POST requests with an `email` field will send an email with a link to reset the password.
 #### controls.password.reset
 Used to handle reset password URLs generated when a user forgets their password.
 Expected input values for the POST request are `recordId`,
 which was generated when sending the reset mail,
 and `password` with the new password value.
 ### controls.oidc
 These controls are related to completing OIDC interactions.
 #### controls.oidc.cancel
 Sending a POST request to this API will cancel the OIDC interaction
 and return the user to the client that started the interaction.
 #### controls.oidc.prompt
 This API is used to determine what the next necessary step is in the OIDC interaction.
 The response will contain a `location` field,
 containing the URL to the next page the user should go to,
 and a `prompt` field,
 indicating the next step that is necessary to progress the OIDC interaction.
 The three possible prompts are the following:
 * **account**: The user needs to log in, so they have an account cookie.
 * **login**: The user needs to pick the WebID they want to use in the resulting OIDC token.
 * **consent**: The user needs to consent to the interaction.
 #### controls.oidc.webId
 Relevant for solving the **login** prompt.
 GET request will return a list of WebIDs the user can choose from.
 This is the same result as requesting the account information and looking at the linked WebIDs.
 The POST requests expects a `webId` value and optionally a `remember` boolean.
 The latter determines if the server should remember the picked WebID for later interactions.
 #### controls.oidc.forgetWebId
 POST requests to this API will cause the OIDC interaction to forget the picked WebID
 so a new one can be picked by the user.
 #### controls.oidc.consent
 A GET request to this API will return all the relevant information about the client doing the request.
 A POST requests causes the OIDC interaction to finish.
 It can have an optional `remember` value, which allows for refresh tokens if it is set to true.
 #### controls.html
 All these controls link to HTML pages and are thus mostly relevant to provide links to let the user navigate around.
 ## Example
 Below is an example of a controls object in a response.
 ```json
 {
  "main": {
    "index": "http://localhost:3000/.account/",
    "logins": "http://localhost:3000/.account/login/"
  },
  "account": {
    "create": "http://localhost:3000/.account/account/",
    "logout": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/logout/",
    "webId": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/webid/",
    "pod": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/pod/",
    "clientCredentials": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/client-credentials/",
    "account": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/"
  },
  "password": {
    "create": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/login/password/",
    "login": "http://localhost:3000/.account/login/password/",
    "forgot": "http://localhost:3000/.account/login/password/forgot/",
    "reset": "http://localhost:3000/.account/login/password/reset/"
  },
  "oidc": {
    "cancel": "http://localhost:3000/.account/oidc/cancel/",
    "prompt": "http://localhost:3000/.account/oidc/prompt/",
    "webId": "http://localhost:3000/.account/oidc/pick-webid/",
    "forgetWebId": "http://localhost:3000/.account/oidc/forget-webid/",
    "consent": "http://localhost:3000/.account/oidc/consent/"
  },
  "html": {
    "main": {
      "login": "http://localhost:3000/.account/login/"
    },
    "account": {
      "createClientCredentials": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/client-credentials/",
      "createPod": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/pod/",
      "linkWebId": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/webid/",
      "account": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/"
    },
    "password": {
      "register": "http://localhost:3000/.account/login/password/register/",
      "login": "http://localhost:3000/.account/login/password/",
      "create": "http://localhost:3000/.account/account/ade5c046-e882-4b56-80f4-18cb16433360/login/password/",
      "forgot": "http://localhost:3000/.account/login/password/forgot/"
    }
  }
 }
 ```
--- a/documentation/markdown/usage/account/login-method.md
+++ b/documentation/markdown/usage/account/login-method.md
@ -0,0 +1,118 @@
 # Adding a new login method
 By default, the server allows users to use email/password combinations to identify as the owner of their account.
 But, just like with many other parts of the server,
 this can be extended so other login methods can be used.
 Here we'll cover everything that is necessary.
 ## Components
 These are the components that are needed for adding a new login method.
 Not all of these are mandatory,
 but they can make the life of the user easier when trying to find and use the new method.
 Also have a look at the general [structure](../../architecture/features/accounts/routes.md)
 of new API components to see what is expected of such a component.
 ### Create component
 There needs to be one or more components that allow a user
 to create an instance of the new login method and assign it to their account.
 The `CreatePasswordHandler` can be used as an example.
 This does not necessarily have to happen in a single request,
 potentially multiple requests can be used if the user has to perform actions on an external site for example.
 The only thing that matters is that at the end there is a new entry in the account's `logins` object.
 When adding logins of your method a new key will need to be chosen to group these logins together.
 The email/password method uses `password` for example.
 A new storage will probably need to be created to storage relevant metadata about this login method entry.
 Below is an example of how the `PasswordStore` is created:
 ```json
 {
  "@id": "urn:solid-server:default:PasswordStore",
  "@type": "BasePasswordStore",
  "storage": {
    "@id": "urn:solid-server:default:PasswordStorage",
    "@type": "EncodingPathStorage",
    "relativePath": "/accounts/logins/password/",
    "source": {
      "@id": "urn:solid-server:default:KeyValueStorage"
    }
  }
 }
 ```
 ### Login component
 After creating a login instance, a user needs to be able to log in using the new method.
 This can again be done with multiple API calls if necessary,
 but the final one needs to be one that handles the necessary actions
 such as creating a cookie and finishing the OIDC interaction if necessary.
 The `ResolveLoginHandler` can be extended to take care of most of this,
 the `PasswordLoginHandler` provides an example of this.
 ### Additional components
 Besides creating a login instance and logging in,
 it is always possible to offer additional functionality specific to this login method.
 The email/password method, for example, also has components for password recovery and updating a password.
 ### HTML pages
 To make the life easier for users,
 at the very least you probably want to make an HTML page which people can use
 to create an instance of your login method.
 Besides that you could also make a page where people can combine creating an account with creating a login instance.
 The `templates/identity` folder contains all the pages the server has by default,
 which can be used as inspiration.
 These pages need to be linked to the `urn:solid-server:default:HtmlViewHandler`.
 Below is an example of this:
 ```json
 {
  "@id": "urn:solid-server:default:HtmlViewHandler",
  "@type": "HtmlViewHandler",
  "templates": [{
    "@id": "urn:solid-server:default:CreatePasswordHtml",
    "@type": "HtmlViewEntry",
    "filePath": "@css:templates/identity/password/create.html.ejs",
    "route": {
      "@id": "urn:solid-server:default:AccountPasswordRoute"
    }
  }]
 }
 ```
 ### Updating the login handler
 The `urn:solid-server:default:LoginHandler` returns a list of available login methods,
 which are used to offer users a choice of which login method they want to use on the default login page.
 If you want the new method to also be offered you will have to add similar Components.js configuration:
 ```json
 {
  "@id": "urn:solid-server:default:LoginHandler",
  "@type": "ControlHandler",
  "controls": [
    {
      "ControlHandler:_controls_key": "Email/password combination",
      "ControlHandler:_controls_value": {
        "@id": "urn:solid-server:default:LoginPasswordRoute"
      }
    }
  ]
 }
 ```
 ### Controls
 All new relevant API endpoints should be added to the controls object,
 otherwise there is no way for users to find out where to send their requests.
 Similarly, links to the HTML pages should also be in the controls, so they can be navigated to.
 Examples of how to do this can be found [here](../../architecture/features/accounts/routes.md).
 The default account overview page makes some assumptions about the controls when building the page.
 Specifically, it checks if `controls.html.<LOGIN_METHOD>.create` exists,
 if yes, it automatically creates a link on the page so users can create new login instances for their account.
--- a/Show More
+++ b/Show More