SolidLabResearch
diff --git a/‎demo/data/demo/README$.markdown‎
Lines changed: 0 additions & 27 deletions b/‎demo/data/demo/README$.markdown‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎demo/data/demo/public/.meta‎
Lines changed: 0 additions & 7 deletions b/‎demo/data/demo/public/.meta‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎demo/flow.ts‎
Lines changed: 31 additions & 8 deletions b/‎demo/flow.ts‎
Lines changed: 31 additions & 8 deletions
diff --git a/‎demo/policyCreation.ts‎
Lines changed: 34 additions & 34 deletions b/‎demo/policyCreation.ts‎
Lines changed: 34 additions & 34 deletions
diff --git a/‎packages/ucp/src/Request.ts‎
Lines changed: 22 additions & 10 deletions b/‎packages/ucp/src/Request.ts‎
Lines changed: 22 additions & 10 deletions
@@ -69,10 +69,6 @@ async function main() {
   log(`Now, having discovered both the location of the UMA server and of the desired data, an agent can request the former for access to the latter.`);
 
   const accessRequest = {
-    // grant_type: 'urn:ietf:params:oauth:grant-type:uma-ticket',
-    // ticket,
-    claim_token: encodeURIComponent(terms.agents.vendor),
-    claim_token_format: 'urn:solidlab:uma:claims:formats:webid',
     permissions: [{
       resource_id: terms.views.age,
       resource_scopes: [ terms.scopes.read ],
@@ -85,7 +81,7 @@ async function main() {
       body: JSON.stringify(accessRequest),
   });
 
-  // if (accessDeniedResponse.status !== 403) { log('Access request succeeded without policy...'); throw 0; }
+  if (accessDeniedResponse.status !== 403) { log('Access request succeeded without policy...'); throw 0; }
 
   log(`Without a policy allowing the access, the access is denied.`);
   log(`However, the UMA server enables multiple flows in which such a policy can be added, for example by notifying the resource owner. (This is out-of-scope for this demo.)`);
@@ -96,7 +92,7 @@ async function main() {
 
   const startDate = new Date();
   const endDate = new Date(startDate.valueOf() + 14 * 24 * 60 * 60 * 1000);
-  const purpose = 'age-verification'
+  const purpose = 'urn:solidlab:uma:claims:purpose:age-verification'
   const policy = demoPolicy(terms.views.age, terms.agents.vendor, { startDate, endDate, purpose })
 
   // create container if it does not exist yet
@@ -111,15 +107,42 @@ async function main() {
 
   log(`Now that the policy has been set, and the agent has possibly been notified in some way, the agent can try the access request again.`);
 
-  const accessGrantedResponse = await fetch(tokenEndpoint, {
+  const needInfoResponse = await fetch(tokenEndpoint, {
     method: "POST",
     headers: { "content-type": "application/json" },
     body: JSON.stringify(accessRequest),
   });
 
+  if (needInfoResponse.status !== 403) { log('Access request succeeded without claims...'); throw 0; }
+
+  const { ticket, required_claims } = await needInfoResponse.json();
+
+  log(`Based on the policy, the UMA server requests the following claims from the agent:`);
+  required_claims.claim_token_format[0].forEach((format: string) => log(`  - ${format}`))
+
+  // JWT (HS256; secret: "ceci n'est pas un secret")
+  // {
+  //   "http://www.w3.org/ns/odrl/2/purpose": "urn:solidlab:uma:claims:purpose:age-verification",
+  //   "urn:solidlab:uma:claims:types:webid": "http://localhost:3000/demo/public/vendor"
+  // }
+  const claim_token = "eyJhbGciOiJIUzI1NiJ9.eyJodHRwOi8vd3d3LnczLm9yZy9ucy9vZHJsLzIvcHVycG9zZSI6InVybjpzb2xpZGxhYjp1bWE6Y2xhaW1zOnB1cnBvc2U6YWdlLXZlcmlmaWNhdGlvbiIsInVybjpzb2xpZGxhYjp1bWE6Y2xhaW1zOnR5cGVzOndlYmlkIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwL2RlbW8vcHVibGljL3ZlbmRvciJ9.Px7G3zl1ZpTy1lk7ziRMvNv12Enb0uhup9kiVI6Ot3s"
+
+  log(`The agent gathers the necessary claims (the manner in which is out-of-scope for this demo), and sends them to the UMA server as a JWT.`)
+
+  const accessGrantedResponse = await fetch(tokenEndpoint, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      ...accessRequest,
+      ticket,
+      claim_token_format: 'urn:solidlab:uma:claims:formats:jwt',
+      claim_token,
+    })
+  });
+
   if (accessGrantedResponse.status !== 200) { log('Access request failed despite policy...'); throw 0; }
 
-  log(`Based on the policy, the UMA server returns the agent an access token with the requested permissions.`);
+  log(`The UMA server checks the claims with the relevant policy, and returns the agent an access token with the requested permissions.`);
 
   const tokenParams = await accessGrantedResponse.json();
   const accessWithTokenResponse = await fetch(terms.views.age, {
 
@@ -9,45 +9,45 @@ import { SimplePolicy, UCPPolicy, basicPolicy } from '@solidlab/ucp'
  * @param constraints - the temporal and purpuse constraints on the usage of the data
  */
 export function demoPolicy(
-    targetIRI: string, 
-    requestingPartyIRI: string, 
-    constraints?: { 
-        startDate?: Date, 
-        endDate?: Date, 
-        purpose?: string 
-    }
+  targetIRI: string, 
+  requestingPartyIRI: string, 
+  constraints?: { 
+    startDate?: Date, 
+    endDate?: Date, 
+    purpose?: string 
+  }
 ): SimplePolicy {
-    const constraintList: any[] = [];
+  const constraintList: any[] = [];
 
-    if (constraints?.startDate) constraintList.push({
-        type: 'temporal',
-        operator: 'http://www.w3.org/ns/odrl/2/gt',
-        value: constraints?.startDate,
-    });
+  if (constraints?.startDate) constraintList.push({
+    type: 'temporal',
+    operator: 'http://www.w3.org/ns/odrl/2/gt',
+    value: constraints?.startDate,
+  });
 
-    if (constraints?.endDate) constraintList.push({
-        type: 'temporal',
-        operator: 'http://www.w3.org/ns/odrl/2/lt',
-        value: constraints?.endDate,
-    });
+  if (constraints?.endDate) constraintList.push({
+    type: 'temporal',
+    operator: 'http://www.w3.org/ns/odrl/2/lt',
+    value: constraints?.endDate,
+  });
 
-    if (constraints?.purpose) constraintList.push({
-        type: 'purpose',
-        operator: 'http://www.w3.org/ns/odrl/2/eq',
-        value: constraints?.purpose,
-    });
+  if (constraints?.purpose) constraintList.push({
+    type: 'purpose',
+    operator: 'http://www.w3.org/ns/odrl/2/eq',
+    value: constraints?.purpose,
+  });
 
-    const policy: UCPPolicy = {
-        rules: [{
-            resource: targetIRI,
-            action: "http://www.w3.org/ns/odrl/2/read", // ODRL action
-            requestingParty: requestingPartyIRI,
-            // owner: "https://pod.woutslabbinck.com/profile/card#me", // might error
-            constraints: constraintList
-        }]
-    }
+  const policy: UCPPolicy = {
+    rules: [{
+      resource: targetIRI,
+      action: "http://www.w3.org/ns/odrl/2/read", // ODRL action
+      requestingParty: requestingPartyIRI,
+      // owner: "https://pod.woutslabbinck.com/profile/card#me", // might error
+      constraints: constraintList
+    }]
+  }
 
-    const policyObject = basicPolicy(policy);
+  const policyObject = basicPolicy(policy);
 
-    return policyObject
+  return policyObject
 }
@@ -1,30 +1,30 @@
 import { Store, DataFactory } from "n3";
-const { quad, namedNode } = DataFactory
+const { quad, namedNode, literal } = DataFactory
 
 /**
  * 
- * @property {string} subject - The identifier of the entity that wants to execute an action on a resource (e.g. a {@link https://solid.github.io/webid-profile/ WebID})
- * @property {string} action - The type of action(s) that the entity wants to perform on the resource (e.g. a CRUD action)
- * @property {string} resource - The resource identifier that is governed by a usage control policy 
- * @property {string} context - Extra information supplied (can be the purpose of use, extra claims, ...) | Note: currently not implemented yet
- * @property {string} owner - The owner/providerof the resource (e.g. a {@link https://solid.github.io/webid-profile/ WebID})
+ * @property subject - The identifier of the entity that wants to execute an action on a resource (e.g. a {@link https://solid.github.io/webid-profile/ WebID})
+ * @property action - The type of action(s) that the entity wants to perform on the resource (e.g. a CRUD action)
+ * @property resource - The resource identifier that is governed by a usage control policy 
+ * @property claims - Extra information supplied (can be the purpose of use, extra claims, ...)
+ * @property owner - The owner/providerof the resource (e.g. a {@link https://solid.github.io/webid-profile/ WebID})
  */
 export interface UconRequest {
     subject: string;
     action: string[];
     resource: string;
-    context?: string;
-    owner?: string
+    owner?: string;
+    claims?: NodeJS.Dict<unknown>;
 }
+
 /**
  * Creates an N3 Store based on the context of an UMA Access Request.
  * Currently, the access request also contain ACL access modes.
  * @param context
  */
-
 export function createContext(request: UconRequest): Store {
     const contextStore = new Store();
-    const { owner, subject: requestingParty, action: requestedAccessModes, resource } = request;
+    const { owner, subject: requestingParty, action: requestedAccessModes, resource, claims } = request;
     const contextIRI = 'http://example.org/context';
     contextStore.addQuads([
         quad(namedNode(contextIRI), namedNode('http://example.org/requestingParty'), namedNode(requestingParty)),
@@ -37,5 +37,17 @@ export function createContext(request: UconRequest): Store {
     for (const accessMode of requestedAccessModes) {
         contextStore.addQuad(namedNode(contextIRI), namedNode('http://example.org/requestPermission'), namedNode(accessMode));
     }
+
+    for (const [claim, value] of Object.entries(claims ?? {})) {
+        if (typeof value !== 'string') {
+            console.log(`[Request.createContext]: Skipping claim ${claim} because only string values are supported.`);
+            continue; // TODO: support full RDF
+        }
+
+        let object;
+        try { object = namedNode(value) } catch { object = literal(value) }
+        contextStore.addQuad(namedNode(contextIRI), namedNode(claim), object);
+    }
+
     return contextStore;
 }