Consents#

The Consents model provides a data model for loading consent information polled from Globus Auth’s get_consents API.

Consents are modeled as a ConsentForest full of ConsentTrees containing related Consents. These consents detail a path of authorization grants that have been provided by a user to client applications for token grants under certain scoped contexts.

Reference#

class globus_sdk.experimental.consents.ConsentForest(consents)[source]#

A ConsentForest is a data structure which models relationships between Consents,: objects describing explicit access users have granted to particular clients.
It exists to expose a simple interface for evaluating whether resource server grant: requirements, as defined by a scope object are satisfied.

Consents should be retrieved from the AuthClient’s get_consents method.

Example usage:

>>> auth_client = AuthClient(...)
>>> identity_id = ...
>>> forest = auth_client.get_consents(identity_id).to_forest()
>>>
>>> # Check whether the forest contains a scope relationship
>>> dependent_scope = GCSCollectionScopeBuilder(collection_id).data_access
>>> scope = f"{TransferScopes.all}[{dependent_scope}]"
>>> forest.contains_scopes(scope)

The following diagram demonstrates a Consent Forest in which a user has consented: to a client (“CLI”) initiating transfers against two collections, both of which require a “data_access” dynamic scope.
Contained Scope String:: transfer:all[<collection1>:data_access <collection2>:data_access]

[Consent A          ]    [Consent B                       ]
[Client: CLI        ] -> [Client: Transfer                ]
[Scope: transfer:all]    [Scope: <collection1>:data_access]
        |
        |                [Consent C                       ]
        |--------------> [Client: Transfer                ]
                         [Scope: <collection2>:data_access]

meets_scope_requirements(scopes)[source]#

Check whether this consent meets one or more scope requirements.

A consent forest meets a particular scope requirement if any consent tree: inside the forest meets the scope requirements.

Parameters:: scopes (Scope | str | Sequence[Scope | str]) – A single scope, a list of scopes, or a scope string to check against the forest.
Returns:: True if all scope requirements are met, False otherwise.
Return type:: bool

class globus_sdk.experimental.consents.ConsentTree(root_id, forest)[source]#

A tree of Consent nodes with edges modeling the dependency relationships between: them.

Raises:: ConsentParseError if the tree cannot be constructed due to missing consent dependencies.

meets_scope_requirements(scope)[source]#

Check whether this consent tree meets a particular scope requirement.

Parameters:: scope (Scope) – A Scope requirement to check against the tree.
Return type:: bool

class globus_sdk.experimental.consents.Consent(client, scope, scope_name, id, effective_identity, dependency_path, created, updated, last_used, status, allows_refresh, auto_approved, atomically_revocable)[source]#

Consent Data Object

This object models:

A grant which a user has provided for a client to perform a particular
scoped operation on their behalf.
The consent is conditional on the invocation path leading to the client’s
attempted operation being initiated through a chain of similarly scoped operations (consents) defined in the “dependency_path”.

classmethod load(data)[source]#

Load a Consent object from a raw data dictionary.

Parameters:: data (Mapping[str, Any]) – A dictionary containing the raw consent data.
Raises:: ConsentParseError if the data is missing a required key.
Return type:: Consent

exception globus_sdk.experimental.consents.ConsentParseError(message, raw_consent)[source]#

An error raised if consent parsing/loading fails.

exception globus_sdk.experimental.consents.ConsentTreeConstructionError(message, consents)[source]#

An error raised if consent tree construction fails.