Consents¶
The Consents model provides a data model for loading consent information polled from
Globus Auth’s get_consents
API.
Consents are modeled as a ConsentForest
full of ConsentTrees
containing related
Consents
. These consents detail a path of authorization grants that have been
provided by a user to client applications for token grants under certain scoped
contexts.
While the consent model classes themselves are exposed here in globus_sdk.scopes.consents
,
most objects are actually loaded from a globus_sdk.AuthClient.get_consents()
response, using the attached globus_sdk.GetConsentsResponse.to_forest()
method:
import globus_sdk
from globus_sdk.scopes.consents import ConsentForest
my_identity_id = ...
client = globus_sdk.AuthClient(...)
response = client.get_consents(my_identity_id)
consent_forest: ConsentForest = response.to_forest()
Reference¶
- class globus_sdk.scopes.consents.ConsentForest(consents)[source]¶
- A ConsentForest is a data structure which models relationships between Consents,
objects describing explicit access users have granted to particular clients.
- It exists to expose a simple interface for evaluating whether resource server grant
requirements, as defined by a scope object are satisfied.
Consents should be retrieved from the AuthClient’s get_consents method.
Example usage:
>>> auth_client = AuthClient(...) >>> identity_id = ... >>> forest = auth_client.get_consents(identity_id).to_forest() >>> >>> # Check whether the forest contains a scope relationship >>> dependent_scope = GCSCollectionScopeBuilder(collection_id).data_access >>> scope = f"{TransferScopes.all}[{dependent_scope}]" >>> forest.contains_scopes(scope)
- The following diagram demonstrates a Consent Forest in which a user has consented
to a client (“CLI”) initiating transfers against two collections, both of which require a “data_access” dynamic scope.
- Contained Scope String:
transfer:all[<collection1>:data_access <collection2>:data_access]
[Consent A ] [Consent B ] [Client: CLI ] -> [Client: Transfer ] [Scope: transfer:all] [Scope: <collection1>:data_access] | | [Consent C ] |--------------> [Client: Transfer ] [Scope: <collection2>:data_access]
- class globus_sdk.scopes.consents.ConsentTree(root_id, forest)[source]¶
- A tree of Consent nodes with edges modeling the dependency relationships between
them.
- Raises:
ConsentParseError if the tree cannot be constructed due to missing consent dependencies.
- class globus_sdk.scopes.consents.Consent(client, scope, scope_name, id, effective_identity, dependency_path, created, updated, last_used, status, allows_refresh, auto_approved, atomically_revocable)[source]¶
Consent Data Object
- This object models:
- A grant which a user has provided for a client to perform a particular
scoped operation on their behalf.
- The consent is conditional on the invocation path leading to the client’s
attempted operation being initiated through a chain of similarly scoped operations (consents) defined in the “dependency_path”.