Crafting an Access Grant

Hello all,

I am trying to use Module: manage — Inrupt solid-client-access-grants Documentation and specifically the function described as approveAccessRequest (requestVc , requestOverride , options? ).

The code I am attempting to use is

const craftedAccessGrant = await approveAccessRequest(requestVc, {
access: { read: true },
//issuanceDate: issuanceDate,
//expirationDate: expirationDate,
requestor: ‘https://pod.inrupt.com/examplePod/profile/card#me’,
//requestorInboxUrl: ‘https://pod.inrupt.com/examplePod/inbox/’,
resources: [‘https://pod.inrupt.com/myPod/private/’],
status: “GConsent - a consent ontology based on the GDPR”,
}, { fetch: session.fetch });

But this throws an error of Unsupported authorization scheme: [DPoP]. I read the documentation and it expects type UMA. I am unsure how to solve this in order to craft a custom access grant.

Any help is appreciated, thanks

The only demo I can see for this API currently is a server example, though, I believe the user needs to use a dedicated access management app (e.g., podbrowser) in order to approve the grant, so that could be it too.

1 Like

I see, thanks. I took a look at that one and unfortunately it uses the approveAccessRequest function that requires an existing requestVc as an argument (and the ones on the inrupt docs use deprecated examples) - I was hoping the other overloaded method could be used to go ahead and create a grant and issue it to a specific user in another way.

Still, thanks for the help!

I’ve also just been told that this API only works with ESS 2.0, not 1.1, which is currently what exists at pod.inrupt.com

1 Like

In general, I think the idea is that the access request reaches an authorizing application (something capable of accepting an access grant, e.g., podbrowser) and that an application wishing to access certain resources goes through a redirect flow, hence you’d have an existing requestVc.

Does this documentation make things clearer? Manage Access Requests — Inrupt JavaScript Client Libraries

I’m not sure what you mean by “the ones on the inrupt docs use deprecated examples” — that certainly shouldn’t be the case, but if it is, do let us know and we can work to correct.

Alright, thanks. I’m wondering what the use of the overloaded approveAccessRequest is then.

As far as the deprecated examples - the code blocks on Manage Access Grants — Inrupt JavaScript Client Libraries use the deprecated approveAccessRequest function calls which require webID as the first argument, as shown here solid-client-access-grants-js/approveAccessRequest.ts at main · inrupt/solid-client-access-grants-js · GitHub and line 203.

Thanks for the help!