@inrupt/solid-client-access-grants / gConsent
Module: gConsent#
References#
AccessBaseOptions#
Re-exports AccessBaseOptions
IssueAccessRequestParameters#
Re-exports IssueAccessRequestParameters
Type Aliases#
AccessCredentialType#
Ƭ AccessCredentialType: typeof ACCESS_CREDENTIAL_TYPE
extends Set
<infer T> ? T
: never
Defined in#
src/gConsent/type/AccessCredentialType.ts:24
AccessGrant#
Ƭ AccessGrant: VerifiableCredential
& AccessGrantBody
Defined in#
src/gConsent/type/AccessGrant.ts:25
AccessGrantContext#
Ƭ AccessGrantContext: typeof ACCESS_GRANT_CONTEXT_DEFAULT
Defined in#
src/gConsent/type/AccessGrantContext.ts:24
AccessGrantGConsent#
Ƭ AccessGrantGConsent: AccessGrant
Defined in#
src/gConsent/type/AccessGrant.ts:28
AccessRequest#
Ƭ AccessRequest: VerifiableCredential
& AccessRequestBody
Defined in#
src/gConsent/type/AccessRequest.ts:25
AccessRequestGConsent#
Ƭ AccessRequestGConsent: AccessRequest
Defined in#
src/gConsent/type/AccessRequest.ts:28
ApproveAccessRequestOverrides#
Ƭ ApproveAccessRequestOverrides: Omit
<Omit
<AccessGrantParameters
, "status"
>, "expirationDate"
> & { expirationDate?
: Date
| null
}
Defined in#
src/gConsent/manage/approveAccessRequest.ts:45
RedirectToAccessManagementUiOptions#
Ƭ RedirectToAccessManagementUiOptions: RedirectOptions
& FetchOptions
& { fallbackAccessManagementUi?
: UrlString
; resourceOwner?
: WebId
}
Optional parameters for the [[redirectToAccessManagementUi]] method:
fetch?
: Pass in a function with a signature compatible with the WHATWG Fetch API, which will be used to make HTTP requests. Primarily useful when requests need to be authenticated. When@inrupt/solid-client-authn-browser
is available and this property is not set,fetch
will be imported from there. Otherwise, the HTTP requests will be unauthenticated.redirectCallback?
: For use in a non-browser environment, this must be provided by the user in order to handle the redirect URL, since settingwindow.location.href
is not an option.
Since
0.4.0
Defined in#
src/gConsent/discover/redirectToAccessManagementUi.ts:54
Variables#
GRANT_VC_URL_PARAM_NAME#
• Const
GRANT_VC_URL_PARAM_NAME: "accessGrantUrl"
Defined in#
src/gConsent/manage/redirectToRequestor.ts:26
Functions#
approveAccessRequest#
▸ approveAccessRequest(requestVc
, requestOverride?
, options?
): Promise
<AccessGrant
>
Approve an access request. The content of the approved access request is provided as a Verifiable Credential which properties may be overridden if necessary.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The Verifiable Credential representing the Access Request. If not conform to an Access Request, the function will throw. |
|
|
Elements overriding information from the provided Verifiable Credential. |
|
Optional properties to customizes the access grant behavior. Options include |
Returns#
Promise
<AccessGrant
>
A Verifiable Credential representing the granted access.
Since
0.0.1.
Defined in#
src/gConsent/manage/approveAccessRequest.ts:223
▸ approveAccessRequest(requestVc
, requestOverride
, options?
): Promise
<AccessGrant
>
Approve an access request. The content of the approved access request is provided as a set of claims, and no input Verifiable Credential is expected.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
A Verifiable Credential that would represent the Access Request if provided. |
|
Claims constructing the Access Grant. |
|
|
Optional properties to customise the access grant behaviour. |
Returns#
Promise
<AccessGrant
>
A Verifiable Credential representing the granted access.
Since
0.0.1.
Defined in#
src/gConsent/manage/approveAccessRequest.ts:240
cancelAccessRequest#
▸ cancelAccessRequest(vc
, options?
): Promise
<void
>
Cancel a request for access to data (with explicit or implicit consent) before the person being asked for access has replied. This is equivalent to revoking a access grant.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The access request, either in the form of a VC URL or a full-fledged VC. |
|
Optional properties to customise the access request behaviour. |
Returns#
Promise
<void
>
A void promise
Since
0.0.1
Defined in#
src/gConsent/request/cancelAccessRequest.ts:37
denyAccessRequest#
▸ denyAccessRequest(vc
, options?
): Promise
<AccessGrant
>
Deny an access request. The content of the denied access request is provided as a Verifiable Credential.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The Verifiable Credential representing the Access Request. If not conform to an Access Request, the function will throw. |
|
Optional properties to customise the access denial behaviour. |
Returns#
Promise
<AccessGrant
>
A Verifiable Credential representing the denied access.
Since
0.0.1
Defined in#
src/gConsent/manage/denyAccessRequest.ts:73
▸ denyAccessRequest(resourceOwner
, vc
, options?
): Promise
<VerifiableCredential
>
Parameters#
Name |
Type |
---|---|
|
|
|
|
|
Returns#
Promise
<VerifiableCredential
>
Deprecated
Please remove the resourceOwner
parameter.
Defined in#
src/gConsent/manage/denyAccessRequest.ts:80
getAccessApiEndpoint#
▸ getAccessApiEndpoint(resource
, options?
): Promise
<UrlString
>
Discovers the endpoint where access requests may be created for a given resource.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The resource for which access may be requested. |
|
Optional properties to customise the access request behaviour. |
Returns#
Promise
<UrlString
>
The URL of the access request server.
Since
0.4.0
Defined in#
src/gConsent/discover/getAccessApiEndpoint.ts:70
getAccessGrant#
▸ getAccessGrant(accessGrantVcUrl
, options?
): Promise
<AccessGrant
>
Retrieve the Access Grant associated to the given URL.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The URL of an access grant, with or without consent. |
|
Optional properties to customise the request behaviour. |
Returns#
Promise
<AccessGrant
>
The Verifiable Credential associated to the given IRI, if it is an access grant. Throws otherwise.
Since
0.4.0
Defined in#
src/gConsent/manage/getAccessGrant.ts:39
getAccessGrantAll#
▸ getAccessGrantAll(params
, options?
): Promise
<VerifiableCredential
[]>
Retrieve Access Grants issued over a resource. The Access Grants may be filtered by resource, requestor, access modes and purpose.
If a resource filter is specified, the resources hierarchy is walked up to the storage root so that all applicable Access Grants for the target resource are discovered, including recursive Access Grants issued over an ancestor container.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
- |
|
|
Optional parameter: - |
Returns#
Promise
<VerifiableCredential
[]>
A promise resolving to an array of Access Grants matching the request.
Example
const grantsForResource = await getAccessGrantAll({
resource: "https://example.org/storage/some-resource"
}, {
fetch: session.fetch,
accessEndpoint: "https://example.org/grants-holder/"
});
const grantsForAgentWrite = await getAccessGrantAll({
requestor: "https://id.example.org/some-agent-webid",
modes: ["write"]
}, {
fetch: session.fetch,
accessEndpoint: "https://example.org/grants-holder/"
});
Since
0.4.0
Defined in#
src/gConsent/manage/getAccessGrantAll.ts:211
▸ getAccessGrantAll(resource
, params?
, options?
): Promise
<VerifiableCredential
[]>
Retrieve Access Grants issued over a resource. The Access Grants may be filtered by requestor, access modes and purpose. In order to discover all applicable Access Grants for the target resource, including recursive Access Grants issued over an ancestor container, the resources hierarchy is walked up to the storage root.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The URL of a resource to which access grants might have been issued. |
|
|
- |
|
|
Optional parameter: - |
Returns#
Promise
<VerifiableCredential
[]>
A promise resolving to an array of Access Grants matching the request.
Since
0.4.0
Deprecated
Please remove resource
parameter.
Defined in#
src/gConsent/manage/getAccessGrantAll.ts:235
getAccessGrantFromRedirectUrl#
▸ getAccessGrantFromRedirectUrl(redirectUrl
, options?
): Promise
<AccessGrant
>
Get the Access Grant out of the incoming redirect from the Access Management app.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The URL the user has been redirected to from the access management app. |
|
|
Optional properties to customise the behaviour: - fetch: an authenticated fetch function. If not provided, the default session from @inrupt/solid-client-authn-browser will be used if available. |
|
( |
Returns#
Promise
<AccessGrant
>
An Access Grant
Since
0.5.0
Defined in#
src/gConsent/request/getAccessGrantFromRedirectUrl.ts:42
getAccessManagementUi#
▸ getAccessManagementUi(webId
, options?
): Promise
<UrlString
| undefined
>
Get the endpoint where the user prefers to be redirected when asked for access. If the user does not specify an endpoint, this function attempts to discover the default access UI recommended by their Pod provider.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The WebID of the user asked for access. |
|
|
Optional properties to customise the access request behaviour. |
Returns#
Promise
<UrlString
| undefined
>
The URL where the user should be redirected, if discoverable.
Since
0.4.0
Defined in#
src/gConsent/discover/getAccessManagementUi.ts:114
getAccessRequest#
▸ getAccessRequest(url
, options?
): Promise
<AccessRequest
>
Fetch the Access Request from the given URL.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The URL of the Access Request. |
|
|
Optional properties to customise the behaviour: - fetch: an authenticated fetch function. If not provided, the default session from @inrupt/solid-client-authn-browser will be used if available. |
|
( |
Returns#
Promise
<AccessRequest
>
An Access Request.
Since
2.4.0
Defined in#
src/gConsent/manage/getAccessRequest.ts:38
getAccessRequestFromRedirectUrl#
▸ getAccessRequestFromRedirectUrl(redirectUrl
, options?
): Promise
<{ accessRequest
: AccessRequest
; requestorRedirectUrl
: UrlString
}>
Get the Access Request out of the incoming redirect from the Access Management app.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The URL the user has been redirected to from the access management app. |
|
|
Optional properties to customise the behaviour: - fetch: an authenticated fetch function. If not provided, the default session from @inrupt/solid-client-authn-browser will be used if available. |
|
( |
Returns#
Promise
<{ accessRequest
: AccessRequest
; requestorRedirectUrl
: UrlString
}>
An Access Request, and the URL to which the corresponding grant should be sent when redirecting the resource owner back to the requestor.
Since
0.5.0
Defined in#
src/gConsent/manage/getAccessRequestFromRedirectUrl.ts:52
issueAccessRequest#
▸ issueAccessRequest(params
, options?
): Promise
<AccessRequest
>
Request access to a given Resource.
Parameters#
Name |
Type |
Description |
---|---|---|
|
Access to request. |
|
|
Optional properties to customize the access request behavior. |
Returns#
Promise
<AccessRequest
>
A signed Verifiable Credential representing the access request.
Since
0.4.0
Defined in#
src/gConsent/request/issueAccessRequest.ts:77
▸ issueAccessRequest(params
, options?
): Promise
<AccessRequest
>
Parameters#
Name |
Type |
---|---|
|
|
|
Returns#
Promise
<AccessRequest
>
Deprecated
Please remove the requestor
parameter.
Defined in#
src/gConsent/request/issueAccessRequest.ts:84
redirectToAccessManagementUi#
▸ redirectToAccessManagementUi(accessRequestVc
, redirectUrl
, options?
): Promise
<void
>
Redirects the application to a resource owner’s preferred access management UI.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The VC containing the Access Request to a resource. |
|
|
The URL where the user should be redirected back after having granted access. |
|
If you are in a NodeJS environment, you must specify a callback to handle the redirection. |
Returns#
Promise
<void
>
Since
0.4.0
Defined in#
src/gConsent/discover/redirectToAccessManagementUi.ts:95
redirectToRequestor#
▸ redirectToRequestor(accessGrantVcId
, redirectUrl
, options?
): Promise
<void
>
Redirect the user to the client which requested Access to a Resource. The Access Grant is sent as part of the redirect.
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
The ID of the Access Grant VC, which should be a URL |
|
|
The URL where the client requesting access expects the user to be redirected |
|
If you are in a NodeJS environment, you must specify a callback to handle the redirection. |
Returns#
Promise
<void
>
A never resolving promise: the user is expected to be redirected away from the page by this call, so no code should be expected to run in that context after the redirect.
Since
0.5.0
Defined in#
src/gConsent/manage/redirectToRequestor.ts:44
revokeAccessGrant#
▸ revokeAccessGrant(vc
, options?
): Promise
<void
>
Makes a request to the access server to revoke a given Verifiable Credential (VC).
Parameters#
Name |
Type |
Description |
---|---|---|
|
|
Either a VC, or a URL to a VC, to be revoked. |
|
|
Optional properties to customise the request behaviour. |
Returns#
Promise
<void
>
A void promise.
Since
0.4.0
Defined in#
src/gConsent/manage/revokeAccessGrant.ts:37