Crafting an Access Grant

gaz009 · July 7, 2022, 8:42pm

Hello all,

I am trying to use https://docs.inrupt.com/developer-tools/api/javascript/solid-client-access-grants/modules/manage.html#approveaccessrequest and specifically the function described as approveAccessRequest (requestVc , requestOverride , options? ).

The code I am attempting to use is

const craftedAccessGrant = await approveAccessRequest(requestVc, {
access: { read: true },
//issuanceDate: issuanceDate,
//expirationDate: expirationDate,
requestor: ‘https://pod.inrupt.com/examplePod/profile/card#me’,
//requestorInboxUrl: ‘https://pod.inrupt.com/examplePod/inbox/’,
resources: [‘https://pod.inrupt.com/myPod/private/’],
status: “GConsent - a consent ontology based on the GDPR”,
}, { fetch: session.fetch });

But this throws an error of Unsupported authorization scheme: [DPoP]. I read the documentation and it expects type UMA. I am unsure how to solve this in order to craft a custom access grant.

Any help is appreciated, thanks

ThisIsMissEm · July 8, 2022, 12:21am

The only demo I can see for this API currently is a server example, though, I believe the user needs to use a dedicated access management app (e.g., podbrowser) in order to approve the grant, so that could be it too.

gaz009 · July 8, 2022, 12:39am

I see, thanks. I took a look at that one and unfortunately it uses the approveAccessRequest function that requires an existing requestVc as an argument (and the ones on the inrupt docs use deprecated examples) - I was hoping the other overloaded method could be used to go ahead and create a grant and issue it to a specific user in another way.

Still, thanks for the help!

ThisIsMissEm · July 8, 2022, 12:52pm

I’ve also just been told that this API only works with ESS 2.0, not 1.1, which is currently what exists at pod.inrupt.com

ThisIsMissEm · July 8, 2022, 3:44pm

In general, I think the idea is that the access request reaches an authorizing application (something capable of accepting an access grant, e.g., podbrowser) and that an application wishing to access certain resources goes through a redirect flow, hence you’d have an existing requestVc.

Does this documentation make things clearer? Manage Access Requests — Inrupt JavaScript Client Libraries

I’m not sure what you mean by “the ones on the inrupt docs use deprecated examples” — that certainly shouldn’t be the case, but if it is, do let us know and we can work to correct.

gaz009 · July 8, 2022, 4:00pm

Alright, thanks. I’m wondering what the use of the overloaded approveAccessRequest is then.

As far as the deprecated examples - the code blocks on Manage Access Grants — Inrupt JavaScript Client Libraries use the deprecated approveAccessRequest function calls which require webID as the first argument, as shown here solid-client-access-grants-js/approveAccessRequest.ts at main · inrupt/solid-client-access-grants-js · GitHub and line 203.

Thanks for the help!

Topic		Replies	Views
Request access for broker.pod.inrupt.com pod	6	408	May 31, 2022
Request access to another pod on community solid server Build a Solid App	8	675	March 28, 2024
Managing access to resource using inrupt/solid-client Javascript package Solid App Development FAQs	4	1209	January 5, 2022
Requesting access as ESS authenticated application Solid App Development FAQs	43	1535	August 16, 2022
The latest addition to Inrupt's JavaScript Libraries - Universal Access Control APIs Build a Solid App	1	797	March 16, 2021

Crafting an Access Grant

Related topics