Crafting an Access Grant

gaz009 · July 7, 2022, 8:42pm

Hello all,

I am trying to use https://docs.inrupt.com/developer-tools/api/javascript/solid-client-access-grants/modules/manage.html#approveaccessrequest and specifically the function described as approveAccessRequest (requestVc , requestOverride , options? ).

The code I am attempting to use is

const craftedAccessGrant = await approveAccessRequest(requestVc, {
access: { read: true },
//issuanceDate: issuanceDate,
//expirationDate: expirationDate,
requestor: ‘https://pod.inrupt.com/examplePod/profile/card#me’,
//requestorInboxUrl: ‘https://pod.inrupt.com/examplePod/inbox/’,
resources: [‘https://pod.inrupt.com/myPod/private/’],
status: “GConsent - a consent ontology based on the GDPR”,
}, { fetch: session.fetch });

But this throws an error of Unsupported authorization scheme: [DPoP]. I read the documentation and it expects type UMA. I am unsure how to solve this in order to craft a custom access grant.

Any help is appreciated, thanks

ThisIsMissEm · July 8, 2022, 12:21am

The only demo I can see for this API currently is a server example, though, I believe the user needs to use a dedicated access management app (e.g., podbrowser) in order to approve the grant, so that could be it too.

gaz009 · July 8, 2022, 12:39am

I see, thanks. I took a look at that one and unfortunately it uses the approveAccessRequest function that requires an existing requestVc as an argument (and the ones on the inrupt docs use deprecated examples) - I was hoping the other overloaded method could be used to go ahead and create a grant and issue it to a specific user in another way.

Still, thanks for the help!

ThisIsMissEm · July 8, 2022, 12:52pm

I’ve also just been told that this API only works with ESS 2.0, not 1.1, which is currently what exists at pod.inrupt.com

ThisIsMissEm · July 8, 2022, 3:44pm

In general, I think the idea is that the access request reaches an authorizing application (something capable of accepting an access grant, e.g., podbrowser) and that an application wishing to access certain resources goes through a redirect flow, hence you’d have an existing requestVc.

Does this documentation make things clearer? Manage Access Requests — Inrupt JavaScript Client Libraries

I’m not sure what you mean by “the ones on the inrupt docs use deprecated examples” — that certainly shouldn’t be the case, but if it is, do let us know and we can work to correct.

gaz009 · July 8, 2022, 4:00pm

Alright, thanks. I’m wondering what the use of the overloaded approveAccessRequest is then.

As far as the deprecated examples - the code blocks on Manage Access Grants — Inrupt JavaScript Client Libraries use the deprecated approveAccessRequest function calls which require webID as the first argument, as shown here solid-client-access-grants-js/approveAccessRequest.ts at main · inrupt/solid-client-access-grants-js · GitHub and line 203.

Thanks for the help!

Topic		Replies	Views
Request access for broker.pod.inrupt.com pod	6	369	May 31, 2022
Managing access to resource using inrupt/solid-client Javascript package Solid App Development FAQs	4	1118	January 5, 2022
The latest addition to Inrupt's JavaScript Libraries - Universal Access Control APIs Build a Solid App	1	735	March 16, 2021
Automatically issue and approve access requests	2	468	July 12, 2022
There is a way to change inrupt folder permissions with Typescript code? Build a Solid App	4	399	March 30, 2023

Crafting an Access Grant

Related Topics