Recommendations for Applications

Applications handling Access Requests/Grants should:

  • Validate the Access Requests/Grants’ URL.

  • Validate the Resource URLs.

  • Use authenticated fetches when retrieving the Purpose URLs.

  • Escape the values before displaying Purpose URLs and purpose definitions.

  • NOT display the Purpose URLs as links.

  • Verify that the requestor is trusted before fetching the requestor’s profile and extended profile.

  • NOT display WebIDs as links.

    • If dereferencing the profile/extended profile:

      • Escape label values if displaying labels.

      • Validate that the image property is a valid URL before displaying the image.

  • NOT prompt users to authenticate at an IDP selected based on the WebID of the Resource’s Owner.
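The following helpers show how an application can apply the URL validation, output escaping and "never a link" rules above when rendering an Access Request. This is an added example and not code from the specification or any Solid library; the field names `request.url`, `request.resources`, `request.purpose`, `request.requestor` and the profile's `label`/`image` properties are assumed for illustration, and the sample request is constructed.

```javascript
// Added example, not part of the Access Request/Grant specification.
// Field names on `request` and `profile` are assumed for illustration.

// Accept only absolute https URLs. This rejects javascript:, data:, blob:
// and relative references, and refuses URLs with embedded credentials.
function isValidHttpsUrl(value) {
  if (typeof value !== "string") return false;
  let url;
  try {
    url = new URL(value);
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false;
  return true;
}

// Escape a value for insertion into HTML text or attribute content.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Validate the request's own URL and every resource URL; returns the list
// of problems so the caller can refuse the whole request when non-empty.
function validateAccessRequest(request) {
  const errors = [];
  if (!isValidHttpsUrl(request.url)) errors.push(`request URL: ${request.url}`);
  const resources = Array.isArray(request.resources) ? request.resources : [];
  if (resources.length === 0) errors.push("no resource URLs");
  for (const r of resources) {
    if (!isValidHttpsUrl(r)) errors.push(`resource URL: ${r}`);
  }
  return errors;
}

// Render a purpose URL and its definition as escaped text, never as <a>.
// Returns null when the purpose URL fails validation.
function renderPurpose(purposeUrl, definition) {
  if (!isValidHttpsUrl(purposeUrl)) return null;
  return `<p class="purpose"><code>${escapeHtml(purposeUrl)}</code>: ${escapeHtml(definition)}</p>`;
}

// Render a WebID as plain escaped text, never as a link.
function renderWebId(webId) {
  return `<span class="webid">${escapeHtml(webId)}</span>`;
}

// Only dereference the requestor's profile if the WebID is on an allowlist.
// Comparison is on the WHATWG-normalised URL (lower-cased host, default port
// dropped) so cosmetic variations do not bypass the check.
function requestorIsTrusted(webId, trustedWebIds) {
  if (!isValidHttpsUrl(webId)) return false;
  const normalised = new URL(webId).href;
  return trustedWebIds.some((t) => isValidHttpsUrl(t) && new URL(t).href === normalised);
}

// From a dereferenced profile, show the label escaped and the image only
// when it is a valid https URL; anything else is dropped, not rendered.
function renderProfile(profile) {
  const label = profile.label ? escapeHtml(profile.label) : "";
  const image = isValidHttpsUrl(profile.image) ? escapeHtml(profile.image) : null;
  const img = image ? `<img src="${image}" alt="">` : "";
  return `<div class="profile">${img}<span>${label}</span></div>`;
}

// Constructed sample request: one resource URL uses a javascript: scheme.
const SAMPLE_REQUEST = {
  url: "https://grants.example.org/requests/42",
  resources: ["https://pod.example.org/photos/", "javascript:alert(1)"],
  purpose: "https://purposes.example.org/research",
  requestor: "https://alice.example.org/profile#me",
};

console.log(validateAccessRequest(SAMPLE_REQUEST));
console.log(renderPurpose(SAMPLE_REQUEST.purpose, "<img src=x onerror=alert(1)>"));
console.log(renderWebId(SAMPLE_REQUEST.requestor));
```

Because the purpose URL and WebID are emitted inside `<code>`/`<span>` rather than `<a href>`, a malicious scheme in either can never become a click target, and the `https:` check keeps `data:`/`javascript:` values out of `img src` when the profile image is shown.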
