@inrupt/solid-client-access-grants / gConsent

Module: gConsent#

References#

AccessBaseOptions#

Re-exports AccessBaseOptions


IssueAccessRequestParameters#

Re-exports IssueAccessRequestParameters

Type Aliases#

AccessCredentialType#

Ƭ AccessCredentialType: typeof ACCESS_CREDENTIAL_TYPE extends Set<infer T> ? T : never

Defined in#

src/gConsent/type/AccessCredentialType.ts:24


AccessGrant#

Ƭ AccessGrant: VerifiableCredential & AccessGrantBody

Defined in#

src/gConsent/type/AccessGrant.ts:25


AccessGrantContext#

Ƭ AccessGrantContext: typeof ACCESS_GRANT_CONTEXT_DEFAULT

Defined in#

src/gConsent/type/AccessGrantContext.ts:24


AccessGrantGConsent#

Ƭ AccessGrantGConsent: AccessGrant

Defined in#

src/gConsent/type/AccessGrant.ts:28


AccessRequest#

Ƭ AccessRequest: VerifiableCredential & AccessRequestBody

Defined in#

src/gConsent/type/AccessRequest.ts:25


AccessRequestGConsent#

Ƭ AccessRequestGConsent: AccessRequest

Defined in#

src/gConsent/type/AccessRequest.ts:28


ApproveAccessRequestOverrides#

Ƭ ApproveAccessRequestOverrides: Omit<Omit<AccessGrantParameters, "status">, "expirationDate"> & { expirationDate?: Date | null }

Defined in#

src/gConsent/manage/approveAccessRequest.ts:45


RedirectToAccessManagementUiOptions#

Ƭ RedirectToAccessManagementUiOptions: RedirectOptions & FetchOptions & { fallbackAccessManagementUi?: UrlString ; resourceOwner?: WebId }

Optional parameters for the [[redirectToAccessManagementUi]] method:

  • fetch?: Pass in a function with a signature compatible with the WHATWG Fetch API, which will be used to make HTTP requests. Primarily useful when requests need to be authenticated. When @inrupt/solid-client-authn-browser is available and this property is not set, fetch will be imported from there. Otherwise, the HTTP requests will be unauthenticated.

  • redirectCallback?: For use in a non-browser environment, this must be provided by the user in order to handle the redirect URL, since setting window.location.href is not an option.

Since

0.4.0

Defined in#

src/gConsent/discover/redirectToAccessManagementUi.ts:54

Variables#

GRANT_VC_URL_PARAM_NAME#

Const GRANT_VC_URL_PARAM_NAME: "accessGrantUrl"

Defined in#

src/gConsent/manage/redirectToRequestor.ts:26

Functions#

approveAccessRequest#

approveAccessRequest(requestVc, requestOverride?, options?): Promise<AccessGrant>

Approve an access request. The content of the approved access request is provided as a Verifiable Credential which properties may be overridden if necessary.

Parameters#

Name

Type

Description

requestVc

string | URL | VerifiableCredential

The Verifiable Credential representing the Access Request. If not conform to an Access Request, the function will throw.

requestOverride?

Partial<ApproveAccessRequestOverrides>

Elements overriding information from the provided Verifiable Credential.

options?

AccessBaseOptions

Optional properties to customizes the access grant behavior. Options include updateAcr which defaults to true. If this flag is set to true, the ACR of the Resource will be updated when the access grant is approved. If this flag is set to false, the ACR of the Resource will remain unchanged. This is an advanced feature, and only users having a good understanding of the relationship between Access Grants and ACRs should deviate from the default. Additional information is available in the ESS documentation

Returns#

Promise<AccessGrant>

A Verifiable Credential representing the granted access.

Since

0.0.1.

Defined in#

src/gConsent/manage/approveAccessRequest.ts:223

approveAccessRequest(requestVc, requestOverride, options?): Promise<AccessGrant>

Approve an access request. The content of the approved access request is provided as a set of claims, and no input Verifiable Credential is expected.

Parameters#

Name

Type

Description

requestVc

undefined

A Verifiable Credential that would represent the Access Request if provided.

requestOverride

ApproveAccessRequestOverrides

Claims constructing the Access Grant.

options?

AccessBaseOptions

Optional properties to customise the access grant behaviour.

Returns#

Promise<AccessGrant>

A Verifiable Credential representing the granted access.

Since

0.0.1.

Defined in#

src/gConsent/manage/approveAccessRequest.ts:240


cancelAccessRequest#

cancelAccessRequest(vc, options?): Promise<void>

Cancel a request for access to data (with explicit or implicit consent) before the person being asked for access has replied. This is equivalent to revoking a access grant.

Parameters#

Name

Type

Description

vc

string | URL | VerifiableCredential

The access request, either in the form of a VC URL or a full-fledged VC.

options

AccessBaseOptions

Optional properties to customise the access request behaviour.

Returns#

Promise<void>

A void promise

Since

0.0.1

Defined in#

src/gConsent/request/cancelAccessRequest.ts:37


denyAccessRequest#

denyAccessRequest(vc, options?): Promise<AccessGrant>

Deny an access request. The content of the denied access request is provided as a Verifiable Credential.

Parameters#

Name

Type

Description

vc

string | URL | VerifiableCredential

The Verifiable Credential representing the Access Request. If not conform to an Access Request, the function will throw.

options?

AccessBaseOptions

Optional properties to customise the access denial behaviour.

Returns#

Promise<AccessGrant>

A Verifiable Credential representing the denied access.

Since

0.0.1

Defined in#

src/gConsent/manage/denyAccessRequest.ts:76

denyAccessRequest(resourceOwner, vc, options?): Promise<VerifiableCredential>

Parameters#

Name

Type

resourceOwner

string

vc

string | URL | VerifiableCredential

options?

AccessBaseOptions

Returns#

Promise<VerifiableCredential>

Deprecated

Please remove the resourceOwner parameter.

Defined in#

src/gConsent/manage/denyAccessRequest.ts:83


getAccessApiEndpoint#

getAccessApiEndpoint(resource, options?): Promise<UrlString>

Discovers the endpoint where access requests may be created for a given resource.

Parameters#

Name

Type

Description

resource

string | URL

The resource for which access may be requested.

options

AccessBaseOptions

Optional properties to customise the access request behaviour.

Returns#

Promise<UrlString>

The URL of the access request server.

Since

0.4.0

Defined in#

src/gConsent/discover/getAccessApiEndpoint.ts:70


getAccessGrant#

getAccessGrant(accessGrantVcUrl, options?): Promise<AccessGrant>

Retrieve the Access Grant associated to the given URL.

Parameters#

Name

Type

Description

accessGrantVcUrl

string | URL

The URL of an access grant, with or without consent.

options?

AccessBaseOptions

Optional properties to customise the request behaviour.

Returns#

Promise<AccessGrant>

The Verifiable Credential associated to the given IRI, if it is an access grant. Throws otherwise.

Since

0.4.0

Defined in#

src/gConsent/manage/getAccessGrant.ts:39


getAccessGrantAll#

getAccessGrantAll(params, options?): Promise<VerifiableCredential[]>

Retrieve Access Grants issued over a resource. The Access Grants may be filtered by resource, requestor, access modes and purpose.

If a resource filter is specified, the resources hierarchy is walked up to the storage root so that all applicable Access Grants for the target resource are discovered, including recursive Access Grants issued over an ancestor container.

Parameters#

Name

Type

Description

params

Partial<Pick<InputAccessRequestParameters, "access" | "purpose"> & { requestor: string ; resource: string | URL ; status?: "all" | "denied" | "granted" }>

-

options?

QueryOptions

Optional parameter: - options.fetch: An alternative fetch function to make the HTTP request, compatible with the browser-native fetch API. This is typically used for authentication. - options.includeExpiredGrants: include expired grants in the result set. - accessEndpoint: A base URL used when determining the location of access API calls. If not given, it is attempted to be found by determining the server URL from the resource involved in the request and reading its .well-known/solid file for an Access API entry. If you are not providing a resource this url must point to the vcProvider endpoint associated with the environment you are requesting against.

Returns#

Promise<VerifiableCredential[]>

A promise resolving to an array of Access Grants matching the request.

Example

const grantsForResource = await getAccessGrantAll({
 resource: "https://example.org/storage/some-resource"
}, {
 fetch: session.fetch,
 accessEndpoint: "https://example.org/grants-holder/"
});

const grantsForAgentWrite = await getAccessGrantAll({
 requestor: "https://id.example.org/some-agent-webid",
 modes: ["write"]
}, {
 fetch: session.fetch,
 accessEndpoint: "https://example.org/grants-holder/"
});

Since

0.4.0

Defined in#

src/gConsent/manage/getAccessGrantAll.ts:211

getAccessGrantAll(resource, params?, options?): Promise<VerifiableCredential[]>

Retrieve Access Grants issued over a resource. The Access Grants may be filtered by requestor, access modes and purpose. In order to discover all applicable Access Grants for the target resource, including recursive Access Grants issued over an ancestor container, the resources hierarchy is walked up to the storage root.

Parameters#

Name

Type

Description

resource

string | URL

The URL of a resource to which access grants might have been issued.

params?

Partial<Pick<InputAccessRequestParameters, "access" | "purpose"> & { requestor: string ; resource: string | URL ; status?: "all" | "denied" | "granted" }>

-

options?

QueryOptions

Optional parameter: - options.fetch: An alternative fetch function to make the HTTP request, compatible with the browser-native fetch API. This can be typically used for authentication. Note that if it is omitted, and @inrupt/solid-client-authn-browser is in your dependencies, the default session is picked up. - options.includeExpiredGrants: include expired grants in the result set.

Returns#

Promise<VerifiableCredential[]>

A promise resolving to an array of Access Grants matching the request.

Since

0.4.0

Deprecated

Please remove resource parameter.

Defined in#

src/gConsent/manage/getAccessGrantAll.ts:235


getAccessGrantFromRedirectUrl#

getAccessGrantFromRedirectUrl(redirectUrl, options?): Promise<AccessGrant>

Get the Access Grant out of the incoming redirect from the Access Management app.

Parameters#

Name

Type

Description

redirectUrl

string | URL

The URL the user has been redirected to from the access management app.

options

Object

Optional properties to customise the behaviour: - fetch: an authenticated fetch function. If not provided, the default session from @inrupt/solid-client-authn-browser will be used if available.

options.fetch?

(input: RequestInfo | URL, init?: RequestInit) => Promise<Response>

MDN Reference

Returns#

Promise<AccessGrant>

An Access Grant

Since

0.5.0

Defined in#

src/gConsent/request/getAccessGrantFromRedirectUrl.ts:42


getAccessManagementUi#

getAccessManagementUi(webId, options?): Promise<UrlString | undefined>

Get the endpoint where the user prefers to be redirected when asked for access. If the user does not specify an endpoint, this function attempts to discover the default access UI recommended by their Pod provider.

Parameters#

Name

Type

Description

webId

string | URL

The WebID of the user asked for access.

options

Pick<AccessBaseOptions, "fetch">

Optional properties to customise the access request behaviour.

Returns#

Promise<UrlString | undefined>

The URL where the user should be redirected, if discoverable.

Since

0.4.0

Defined in#

src/gConsent/discover/getAccessManagementUi.ts:114


getAccessRequest#

getAccessRequest(url, options?): Promise<AccessRequest>

Fetch the Access Request from the given URL.

Parameters#

Name

Type

Description

url

string | URL

The URL of the Access Request.

options

Object

Optional properties to customise the behaviour: - fetch: an authenticated fetch function. If not provided, the default session from @inrupt/solid-client-authn-browser will be used if available.

options.fetch?

(input: RequestInfo | URL, init?: RequestInit) => Promise<Response>

MDN Reference

Returns#

Promise<AccessRequest>

An Access Request.

Since

2.4.0

Defined in#

src/gConsent/manage/getAccessRequest.ts:38


getAccessRequestFromRedirectUrl#

getAccessRequestFromRedirectUrl(redirectUrl, options?): Promise<{ accessRequest: AccessRequest ; requestorRedirectUrl: UrlString }>

Get the Access Request out of the incoming redirect from the Access Management app.

Parameters#

Name

Type

Description

redirectUrl

string | URL

The URL the user has been redirected to from the access management app.

options?

Object

Optional properties to customise the behaviour: - fetch: an authenticated fetch function. If not provided, the default session from @inrupt/solid-client-authn-browser will be used if available.

options.fetch?

(input: RequestInfo | URL, init?: RequestInit) => Promise<Response>

MDN Reference

Returns#

Promise<{ accessRequest: AccessRequest ; requestorRedirectUrl: UrlString }>

An Access Request, and the URL to which the corresponding grant should be sent when redirecting the resource owner back to the requestor.

Since

0.5.0

Defined in#

src/gConsent/manage/getAccessRequestFromRedirectUrl.ts:52


issueAccessRequest#

issueAccessRequest(params, options?): Promise<AccessRequest>

Request access to a given Resource.

Parameters#

Name

Type

Description

params

InputAccessRequestParameters

Access to request.

options?

AccessBaseOptions

Optional properties to customize the access request behavior.

Returns#

Promise<AccessRequest>

A signed Verifiable Credential representing the access request.

Since

0.4.0

Defined in#

src/gConsent/request/issueAccessRequest.ts:77

issueAccessRequest(params, options?): Promise<AccessRequest>

Parameters#

Name

Type

params

DeprecatedAccessRequestParameters

options?

AccessBaseOptions

Returns#

Promise<AccessRequest>

Deprecated

Please remove the requestor parameter.

Defined in#

src/gConsent/request/issueAccessRequest.ts:84


redirectToAccessManagementUi#

redirectToAccessManagementUi(accessRequestVc, redirectUrl, options?): Promise<void>

Redirects the application to a resource owner’s preferred access management UI.

Parameters#

Name

Type

Description

accessRequestVc

string | URL | VerifiableCredential

The VC containing the Access Request to a resource.

redirectUrl

string | URL

The URL where the user should be redirected back after having granted access.

options

RedirectToAccessManagementUiOptions

If you are in a NodeJS environment, you must specify a callback to handle the redirection.

Returns#

Promise<void>

Since

0.4.0

Defined in#

src/gConsent/discover/redirectToAccessManagementUi.ts:95


redirectToRequestor#

redirectToRequestor(accessGrantVcId, redirectUrl, options?): Promise<void>

Redirect the user to the client which requested Access to a Resource. The Access Grant is sent as part of the redirect.

Parameters#

Name

Type

Description

accessGrantVcId

string | URL

The ID of the Access Grant VC, which should be a URL

redirectUrl

string | URL

The URL where the client requesting access expects the user to be redirected

options

RedirectOptions

If you are in a NodeJS environment, you must specify a callback to handle the redirection.

Returns#

Promise<void>

A never resolving promise: the user is expected to be redirected away from the page by this call, so no code should be expected to run in that context after the redirect.

Since

0.5.0

Defined in#

src/gConsent/manage/redirectToRequestor.ts:44


revokeAccessGrant#

revokeAccessGrant(vc, options?): Promise<void>

Makes a request to the access server to revoke a given Verifiable Credential (VC).

Parameters#

Name

Type

Description

vc

string | URL | VerifiableCredential

Either a VC, or a URL to a VC, to be revoked.

options

Omit<AccessBaseOptions, "accessEndpoint">

Optional properties to customise the request behaviour.

Returns#

Promise<void>

A void promise.

Since

0.4.0

Defined in#

src/gConsent/manage/revokeAccessGrant.ts:37