CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 server: GitHub.com content-type: text/html; charset=utf-8 last-modified: Sun, 11 May 2025 07:41:01 GMT access-control-allow-origin: * etag: W/"6820548d-86f9" expires: Thu, 09 Oct 2025 16:31:39 GMT cache-control: max-age=600 content-encoding: gzip x-proxy-cache: MISS x-github-request-id: FC20:26459B:CE921:F2BE0:68E7E112 accept-ranges: bytes age: 0 date: Thu, 09 Oct 2025 16:21:39 GMT via: 1.1 varnish x-served-by: cache-bom-vanm7210054-BOM x-cache: MISS x-cache-hits: 0 x-timer: S1760026900.601419,VS0,VE338 vary: Accept-Encoding x-fastly-request-id: f45a6595e6e2d7131f056aa753501054ec84f3da content-length: 8554 Solid WebhookChannel2023

Solid WebhookChannel2023

Draft Community Group Report, 11 May 2025

Abstract

The [Solid.Notifications.Protocol] defines a set of interaction patterns for agents to receive notification about changes to resources in a Solid Storage.

This specification defines a channel type that applies these patterns to the Webhooks.

Status of this document

This report was published by the Solid Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

1. Introduction

This section is non-normative.

The [Solid.Notifications.Protocol] describes a general pattern by which agents can be notified when a Solid Resource changes. This specification defines a subscription type that applies these patterns to WebHooks.

1.1. Specification Goals

In addition to the goals set forth by the [Solid.Notifications.Protocol] , this specification has goals required by the WebHooks use case:

Verifiable requests to a notification receiver - a notification receiver must be able to confirm if a request truly came from a specific notification sender.
Unsubscribing from a WebHook - Unlike websockets, where sockets can simply be closed by the client, if a notifications receiver wants to unsubscribe from a webhook, it must alert the subscription server.

solid/notifications/155 Make AuthN/AuthZ of each channel explicit

solid/notifications/145 Define unsubscribing

1.2. Terminology

This section is non-normative.

This specification uses terms from the [Solid.Notifications.Protocol] specification. When Solid Notifications Protocol terminology is used it is linked directly to that specification.

2. WebhookChannel2023 Type

This specification defines the WebhookChannel2023 type for use with Solid Notifications channels that use the Webhooks.

An WebhookChannel2023 MUST conform to the Solid Notifications Protocol.

An WebhookChannel2023 SHOULD support the Solid Notifications Features.

The WebhookChannel2023 type further constrains following properties properties:

sendTo: The sendTo property is used in the body of the subscription request. The value of the sendTo property MUST be a URI, using the https scheme.

A client establishes a subscription using the WebhookChannel2023 type by sending an authenticated subscription request to the Subscription Resource retrieved via Solid Notifications discovery.

For WebhookChannel2023 interactions, the subscription client sends a subscription request to an appropriate Subscription Resource. The only required fields in the payload are type, topic, and sendTo.

The type field MUST contain the type of channel being requested: WebhookChannel2023.
The topic field MUST contain the URL of the resource to which changes a client wishes to subscribe.
The sendTo field MUST contain the https URL of the webhook endpoint, where the notification sender is expected to send notifications.

For WebhookChannel2023 interactions, the subscription server responds with a subscription response. The only required fields in the payload are id, type, topic, sender

The id field MUST be a URI, which identifies the created notification channel.
The type field MUST contain the type of channel created: WebhookChannel2023.
The topic field MUST contain the URL of the resource which notifications will be about.
The sender field MUST contain a URI which identifies the notifications sender.

solid/notifications/134 Notification Sender - authentication may require both identities client & agent (user)

2.1. Subscription Example

This section is non-normative.

An example POST request, including the webhook endpoint, using a DPoP bound access token is below:

POST /subscription
Host: channels.example
Authorization: DPoP <token>
DPoP: <proof>
Content-Type: application/ld+json

{
  "@context": ["https://www.w3.org/ns/solid/notification/v1"],
  "type": "WebhookChannel2023",
  "topic": "https://storage.example/resource",
  "sendTo": "https://webhook.example/871b84e7",
  "state": "opaque-state",
  "expiration": "2023-12-23T12:37:15Z",
  "rate": "PT10s"
}

POST request including type, topic, and sendTo targeting the Notification Subscription Resource.

A successful response will contain a URL identifying the notification sender:

Content-Type: application/ld+json

{
  "@context": "https://www.w3.org/ns/solid/notification/v1",
  "id": "https://channels.example/ea1fcf13-7482-4bbb-a6c1-c168ddd7b0aa"
  "type": "WebhookChannel2023",
  "sender": "https://sender.example/#it",
  "expiration": "2023-12-23T12:37:15Z",
  "rate": "PT10s"
}

Response to the POST request, including channel id, type, and sender identity.

3. Authentication and Authorization

Subscription client MUST perform authenticated subscription request.
Notification Sender MUST perform authenticated request to sendTo webhook endpoint, using identity provided as sender in the subscription response.

As described by the Solid Notifications Protocol section on Authorization, the WebhookChannel2023 requires authorization and follows the guidance of the Solid Protocol sections on Authentication and Authorization [Solid.Protocol].

It is beyond the scope of this document to describe how a client fetches an access token. Solid-OIDC is one example of an authentication mechanism that could be used with Solid Notifications [Solid.OIDC].

Conformance

Document conventions

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

References

Normative References

[RFC2119]: S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119
[Solid.Notifications.Protocol]: Aaron Coburn; et al. Solid Notifications Protocol. URL: https://solidproject.org/TR/notifications-protocol
[Solid.OIDC]: Aaron Coburn; elf Pavlik; Dmitri Zagidulin. Solid-OIDC. URL: https://solidproject.org/TR/oidc
[Solid.Protocol]: Sarven Capadisli; et al. Solid Protocol. URL: https://solidproject.org/TR/protocol

Original Source | Taken Source