Av/40 migrate OIDC implementation #42

Open
anushkavidanage wants to merge 14 commits into dev from av/40_migrate_oidc_implementation
Conversation

anushkavidanage (Collaborator) commented May 21, 2026

Pull Request Details

Description

Complete re-engineering of solid_auth from a hand-rolled OIDC implementation to one built on the OpenID-certified package:oidc.

What was removed

The entire forked openid_client source tree (~1 300 lines across lib/src/openid/) has been deleted, along with the old platform-split auth_manager/ abstractions (web_auth_manager.dart, auth_manager_stub.dart), solid_auth_client.dart, solid_auth_issuer.dart, and platform_info.dart. These were maintaining a custom fork of an archived library; all OIDC protocol logic (discovery, PKCE, token exchange, refresh, logout) is now delegated to package:oidc.

What was added

  • SolidAuthManager - single typed facade; authenticate(webId), login(), logout()
  • SolidOidcConfig - typed config object
  • SolidAuthData - immutable typed auth result (.accessToken, .webId, .idToken, …)
  • DpopTokenGenerator - static DPoP proof builder; both token-endpoint and resource-server variants
  • WebIdUtils.getIssuer() - same signature, now using typed HTTP
  • SolidScopes - named scope constants

Related Issues

#40
anusii/solidpod#641
anusii/solidui#270

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How To Test?

  1. Fresh login - run the example app (cd example && flutter run), enter a WebID, tap LOGIN, complete the browser flow. Confirm you reach the private resource screen and the displayed access token is valid.
  2. DPoP resource request - from the private screen, trigger a GET request to a protected Solid resource. Confirm it succeeds (HTTP 200) with Authorization: DPoP … + DPoP: <proof> headers.
  3. Logout clears session - tap logout, reopen the app. Confirm the login screen appears (no auto-restore).
  4. Cross-platform - repeat steps 1-4 on at least two platforms (e.g. Windows desktop + web build).
  5. Migration compatibility - any call site using the old genDpopToken(url, keyPair, jwk, method) signature still compiles via the DpopTokenGenerator.generate() legacy-compatible static method.

Checklist

  • Screenshots included in linked issue #
  • Changes adhere to the style and coding guidelines
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • Any dependent changes have been merged and published in downstream modules
  • The update contains no confidential information
  • The update has no duplicated content
  • No lint check errors are related to these changes (make prep or flutter analyze lib)
  • Integration test dart test output or screenshot included in issue #
  • I tested the PR on these devices:
    • Android
    • iOS
    • Linux
    • MacOS
    • Windows
    • Web
  • I have identified reviewers
  • The PR has been approved by reviewers

Finalising

  • Merge dev into this branch
  • Resolve any conflicts
  • Add a one line summary into the CHANGELOG.md
  • Push to the git repository and review
  • Merge the PR into dev
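
For test step 2 and the resource-server variant of DpopTokenGenerator, an added example (not part of this PR or of solid_auth): a Python checker for the Authorization and DPoP headers of a captured request, using the claim names from RFC 9449. The function names and sample values are constructed for illustration, and the proof signature is not verified here.

```python
import base64, hashlib, json, time

PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_json(part: str) -> dict:
    obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT part is not a JSON object")
    return obj

def check_dpop_request(headers, method, url, now=None, max_age=300):
    """Return a list of problems; structural checks only, signature NOT verified."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    problems = [] if scheme == "DPoP" and token else ["Authorization is not 'DPoP <token>'"]
    try:
        head, body, _sig = headers.get("DPoP", "").split(".")
        header, claims = b64url_json(head), b64url_json(body)
    except ValueError:
        return problems + ["DPoP header is not a well-formed JWT"]
    if header.get("typ") != "dpop+jwt":
        problems.append("typ is not dpop+jwt")
    alg = str(header.get("alg", "none"))
    if alg == "none" or alg.startswith("HS"):
        problems.append("alg must be an asymmetric signature algorithm")
    jwk = header.get("jwk")
    if not isinstance(jwk, dict) or jwk.keys() & PRIVATE_JWK_MEMBERS:
        problems.append("jwk missing or contains private key members")
    # htu excludes query and fragment; ath binds the proof to this access token.
    expected = {"htm": method, "htu": url.split("#")[0].split("?")[0],
                "ath": b64url(hashlib.sha256(token.encode()).digest())}
    problems += [f"{name} mismatch" for name, want in expected.items()
                 if claims.get(name) != want]
    iat = claims.get("iat")
    if not claims.get("jti") or not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        problems.append("jti or iat missing, or iat outside the accepted window")
    return problems

def sample_headers(token, method, url, iat, with_ath=True):
    """Constructed sample: unsigned proof with a placeholder signature."""
    claims = {"jti": "constructed-jti-1", "htm": method, "htu": url, "iat": iat}
    if with_ath:
        claims["ath"] = b64url(hashlib.sha256(token.encode()).digest())
    header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": {"kty": "EC", "crv": "P-256", "x": "x", "y": "y"}}
    proof = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims)) + ".c2ln"
    return {"Authorization": f"DPoP {token}", "DPoP": proof}
```

A proof built for the token endpoint carries no ath claim, so presenting it to a resource server is reported as an ath mismatch.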
