Consents

The Consents model provides a data model for loading consent information polled from Globus Auth’s get_consents API.

Consents are modeled as a ConsentForest full of ConsentTrees containing related Consents. These consents detail a path of authorization grants that have been provided by a user to client applications for token grants under certain scoped contexts.

While the consent model classes themselves are exposed here in globus_sdk.scopes.consents, most objects are actually loaded from a globus_sdk.AuthClient.get_consents() response, using the attached globus_sdk.GetConsentsResponse.to_forest() method:

import globus_sdk
from globus_sdk.scopes.consents import ConsentForest

my_identity_id = ...
client = globus_sdk.AuthClient(...)
response = client.get_consents(my_identity_id)

consent_forest: ConsentForest = response.to_forest()

Reference

class globus_sdk.scopes.consents.ConsentForest(consents)[source]
A ConsentForest is a data structure which models relationships between Consents,

objects describing explicit access users have granted to particular clients.

It exists to expose a simple interface for evaluating whether resource server grant

requirements, as defined by a scope object are satisfied.

Consents should be retrieved from the AuthClient’s get_consents method.

Example usage:

>>> auth_client = AuthClient(...)
>>> identity_id = ...
>>> forest = auth_client.get_consents(identity_id).to_forest()
>>>
>>> # Check whether the forest contains a scope relationship
>>> dependent_scope = GCSCollectionScopeBuilder(collection_id).data_access
>>> scope = f"{TransferScopes.all}[{dependent_scope}]"
>>> forest.contains_scopes(scope)
The following diagram demonstrates a Consent Forest in which a user has consented

to a client (“CLI”) initiating transfers against two collections, both of which require a “data_access” dynamic scope.

Contained Scope String:

transfer:all[<collection1>:data_access <collection2>:data_access]

[Consent A          ]    [Consent B                       ]
[Client: CLI        ] -> [Client: Transfer                ]
[Scope: transfer:all]    [Scope: <collection1>:data_access]
        |
        |                [Consent C                       ]
        |--------------> [Client: Transfer                ]
                         [Scope: <collection2>:data_access]
meets_scope_requirements(scopes)[source]

Check whether this consent meets one or more scope requirements.

A consent forest meets a particular scope requirement if any consent tree

inside the forest meets the scope requirements.

Parameters:

scopes (Scope | str | Sequence[Scope | str]) – A single scope, a list of scopes, or a scope string to check against the forest.

Returns:

True if all scope requirements are met, False otherwise.

Return type:

bool

class globus_sdk.scopes.consents.ConsentTree(root_id, forest)[source]
A tree of Consent nodes with edges modeling the dependency relationships between

them.

Raises:

ConsentParseError if the tree cannot be constructed due to missing consent dependencies.

meets_scope_requirements(scope)[source]

Check whether this consent tree meets a particular scope requirement.

Parameters:

scope (Scope) – A Scope requirement to check against the tree.

Return type:

bool

class globus_sdk.scopes.consents.Consent(client, scope, scope_name, id, effective_identity, dependency_path, created, updated, last_used, status, allows_refresh, auto_approved, atomically_revocable)[source]

Consent Data Object

This object models:
  • A grant which a user has provided for a client to perform a particular

    scoped operation on their behalf.

  • The consent is conditional on the invocation path leading to the client’s

    attempted operation being initiated through a chain of similarly scoped operations (consents) defined in the “dependency_path”.

classmethod load(data)[source]

Load a Consent object from a raw data dictionary.

Parameters:

data (Mapping[str, Any]) – A dictionary containing the raw consent data.

Raises:

ConsentParseError if the data is missing a required key.

Return type:

Consent

exception globus_sdk.scopes.consents.ConsentParseError(message, raw_consent)[source]

An error raised if consent parsing/loading fails.

exception globus_sdk.scopes.consents.ConsentTreeConstructionError(message, consents)[source]

An error raised if consent tree construction fails.