The Consents model provides a data model for loading consent information polled from Globus Auth’s get_consents API.

Consents are modeled as a ConsentForest full of ConsentTrees containing related Consents. These consents detail a path of authorization grants that have been provided by a user to client applications for token grants under certain scoped contexts.


class globus_sdk.experimental.consents.ConsentForest(consents)[source]#
A ConsentForest is a data structure which models relationships between Consents,

objects describing explicit access users have granted to particular clients.

It exists to expose a simple interface for evaluating whether resource server grant

requirements, as defined by a scope object are satisfied.

Consents should be retrieved from the AuthClient’s get_consents method.

Example usage:

>>> auth_client = AuthClient(...)
>>> identity_id = ...
>>> forest = auth_client.get_consents(identity_id).to_forest()
>>> # Check whether the forest contains a scope relationship
>>> dependent_scope = GCSCollectionScopeBuilder(collection_id).data_access
>>> scope = f"{TransferScopes.all}[{dependent_scope}]"
>>> forest.contains_scopes(scope)
The following diagram demonstrates a Consent Forest in which a user has consented

to a client (“CLI”) initiating transfers against two collections, both of which require a “data_access” dynamic scope.

Contained Scope String:

transfer:all[<collection1>:data_access <collection2>:data_access]

[Consent A          ]    [Consent B                       ]
[Client: CLI        ] -> [Client: Transfer                ]
[Scope: transfer:all]    [Scope: <collection1>:data_access]
        |                [Consent C                       ]
        |--------------> [Client: Transfer                ]
                         [Scope: <collection2>:data_access]

Check whether this consent meets one or more scope requirements.

A consent forest meets a particular scope requirement if any consent tree

inside the forest meets the scope requirements.


scopes (Scope | str | Sequence[Scope | str]) – A single scope, a list of scopes, or a scope string to check against the forest.


True if all scope requirements are met, False otherwise.

Return type:


class globus_sdk.experimental.consents.ConsentTree(root_id, forest)[source]#
A tree of Consent nodes with edges modeling the dependency relationships between



ConsentParseError if the tree cannot be constructed due to missing consent dependencies.


Check whether this consent tree meets a particular scope requirement.


scope (Scope) – A Scope requirement to check against the tree.

Return type:


class globus_sdk.experimental.consents.Consent(client, scope, scope_name, id, effective_identity, dependency_path, created, updated, last_used, status, allows_refresh, auto_approved, atomically_revocable)[source]#

Consent Data Object

This object models:
  • A grant which a user has provided for a client to perform a particular

    scoped operation on their behalf.

  • The consent is conditional on the invocation path leading to the client’s

    attempted operation being initiated through a chain of similarly scoped operations (consents) defined in the “dependency_path”.

classmethod load(data)[source]#

Load a Consent object from a raw data dictionary.


data (Mapping[str, Any]) – A dictionary containing the raw consent data.


ConsentParseError if the data is missing a required key.

Return type:


exception globus_sdk.experimental.consents.ConsentParseError(message, raw_consent)[source]#

An error raised if consent parsing/loading fails.

exception globus_sdk.experimental.consents.ConsentTreeConstructionError(message, consents)[source]#

An error raised if consent tree construction fails.