Access Requests and Grants#

Inrupt’s Enterprise Solid Server (ESS) supports an authorization mechanism based on Access Requests and Grants. With access requests and grants:

  1. An agent sends an access request to the resource owner. In ESS, the access request is serialized as a VC. This request includes the specific access mode (e.g. Read, Write, Append), the resource(s) to access, etc.

  2. The resource owner decides to deny or grant the access request:

    • For an approved request, ESS creates an access grant with an approved status.

    • For a denied request, ESS creates an access grant with a denied status.

    In ESS, the access grant is serialized as a VC, and the resource owner can revoke the access grant in the future.

  3. If the requesting agent has an approved access grant, the requesting agent can exchange the access grant for an access token in order to access the resource.


To handle access requests and grants, Inrupt’s Java Client Library provides the inrupt-client-accessgrant module:

Next Steps#

Create Access Requests/Grants

Create access requests and access grants.

Use Access Grants

Use Access Grants to access Pod resources.