Inspect Access Requests and Access Grants

Access Requests and Grants

The following Inrupt products are available to support Access Requests and Grants:

solid-client-access-grants library for managing Access Requests and Grants
Inrupt’s Enterprise Solid Server provides support for Access Requests and Grants. ESS serializes the Access Requests and Grants as Verifiable Credentials.
Inrupt’s Authorization Management Component supports Access Request management.

Since the content of this page is applicable to both Access Requests and Access Grants, the generic term Access Credential is used to refer to both.

Access Credentials are used to get access to data from a Pod, and it is useful to be able to inspect the metadata from the Credential to figure out which Pod data it applies to, and who can exercise the access it is giving.

Reading information from Access Credentials

The @inrupt/solid-client-access-grants library provides various getters to extract information from the Access Credentials. The API docs lists all the available getters.

Most getters are specific to the Access Credentials data model: for instance, getResources lists all resources for which an Access Credential is applicable. Here is a basic usage exemple.

const credential = /* get the credential */;
const resources = getResources(credential);
console.log(
  `Credential ${credential.id} applies to ${resources.length} resources.`
);

Reading custom fields from Access Credentials

@inrupt/solid-client-access-grants supports adding custom fields to Access Credentials. These custom fields can also be read from the credential using dedicated getters. Two approaches are possible:

Bulk reading custom fields with getCustomFields

Reads all the custom fields in the consent section of the provided Access Credential, and returns them as an object, keyed by custom field URL.

Reading typed individual custom fields with getCustomBoolean, getCustomFloat, getCustomInteger and getCustomString.

Reads a given custom field (using its URL as a key) from the consent section of the provided Access Credential. These getters are type-safe and will throw on type mismatch.

const accessRequest = await issueAccessRequest({/* ... */}, {
 /* ..., */
 customFields: new Set([
    {
      key: new URL("https://example.org/ns/customString"),
      value: "custom value",
    },
    {
      key: new URL("https://example.org/ns/customInteger"),
      value: 1,
    },
  ]),
});
const customFields = getCustomFields(accessRequest);
// s is "custom value"
const s = customFields["https://example.org/ns/customString"];
// i is 1
const i = customFields["https://example.org/ns/customInteger"];

// s2 is also "custom value", and it is type safe.
const s2: string = getCustomString(
  accessRequest,
  new URL("https://example.org/ns/customString")
);

// i2 is also 1, and it is type safe.
const i2: number = getCustomInteger(
  accessRequest,
  new URL("https://example.org/ns/customInteger")
);

PreviousUse Access Grants to Access Resources NextNotifications

Last updated 4 months ago

hashtagReading information from Access Credentials

hashtagReading custom fields from Access Credentials

Reading information from Access Credentials

Reading custom fields from Access Credentials