Inspect Access Requests and Access Grants#

Access Requests and Grants

The following Inrupt products are available to support Access Requests and Grants:

  • @inrupt/solid-client-access-grants is a library for managing Access Requests and Grants.

  • Inrupt’s Enterprise Solid Server (ESS) provides support for Access Requests and Grants. ESS serializes the Access Requests and Grants as Verifiable Credentials (VCs). To allow the use of Access Grants for a resource, ESS’ Access Control Policies supports access policies based on a VC type matcher.

  • Inrupt’s Authorization Management Component supports Access Request management. New as part of ESS 2.2

Since the content of this page is applicable to both Access Requests and Access Grants, the generic term Access Credential is used to refer to both.

Access Credentials are used to get access to data from a Pod, and it is useful to be able to inspect the metadata from the Credential to figure out which Pod data it applies to, and who can exercise the access it is giving.

Reading information from Access Credentials#

The @inrupt/solid-client-access-grants library provides various getters to extract information from the Access Credentials. The API docs lists all the available getters.

Most getters are specific to the Access Credentials data model: for instance, getResources lists all resources for which an Access Credential is applicable. Here is a basic usage exemple.

const credential = /* get the credential */;
const resources = getResources(credential);
console.log(
  `Credential ${credential.id} applies to ${resources.length} resources.`
);

Reading custom fields from Access Credentials#

Starting in version 3.2.0, @inrupt/solid-client-access-grants supports adding custom fields to Access Credentials. These custom fields can also be read from the credential using dedicated getters. Two approaches are possible:

Bulk reading custom fields with getCustomFields

Reads all the custom fields in the consent section of the provided Access Credential, and returns them as an object, keyed by custom field URL.

Reading typed individual custom fields with getCustomBoolean, getCustomFloat, getCustomInteger and getCustomString.

Reads a given custom field (using its URL as a key) from the consent section of the provided Access Credential. These getters are type-safe and will throw on type mismatch.

 
const accessRequest = await issueAccessRequest({/* ... */}, {
 /* ..., */
 customFields: new Set([
    {
      key: new URL("https://example.org/ns/customString"),
      value: "custom value",
    },
    {
      key: new URL("https://example.org/ns/customInteger"),
      value: 1,
    },
  ]),
});
const customFields = getCustomFields(accessRequest);
// s is "custom value"
const s = customFields["https://example.org/ns/customString"];
// i is 1
const i = customFields["https://example.org/ns/customInteger"];

// s2 is also "custom value", and it is type safe.
const s2: string = getCustomString(
  accessRequest,
  new URL("https://example.org/ns/customString")
);

// i2 is also 1, and it is type safe.
const i2: number = getCustomInteger(
  accessRequest,
  new URL("https://example.org/ns/customInteger")
);