User Grant
This guide shows how to manage user Pure Grants.
Pure Grant is a token designed to provide secure access to a user's encrypted data during their active session. It is generated during the user's sign-in process and is used to share encrypted data.
Before you begin
To start working with Pure Grant make sure that you:
Generate Pure Grant
Pure Grant has the following structure:
PureGrant(ukp: UserKeyPair!, userId: String!, sessionId: String!, creationDate: Date!, expirationDate: Date!)
After Pure Grant is generated, it is encrypted with your application auth_key (AK) and then sent to your end user.
Users themselves are responsible for storing the Pure Grant during the session and discarding (deleting) it after the session expires.
Note! Pure Grant is not stored anywhere in the database; it is held only in the server's RAM while the user's query is processed.
Generate Pure Grant as admin
In order to generate a Pure Grant without having a user password, you can use the createUserGrantAsAdmin(userId, bupsk) function:
PureGrant pureGrant = pure.createUserGrantAsAdmin(userId, bupsk);
It allows you to create a Pure Grant using the admin backup_keypair (BUPKP).
Decrypt Pure Grant
To decrypt an encrypted Pure Grant that was stored on the client side, use the decryptGrantFromUser(encryptedGrantString) function:
PureGrant pureGrant = pure.decryptGrantFromUser(encryptedGrantString);
Invalidate Pure Grant
To invalidate an existing encrypted user Grant, use the invalidateEncryptedUserGrant(encryptedGrantString) function:
pure.invalidateEncryptedUserGrant(encryptedGrantString);
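The decrypt and invalidate calls above usually sit behind one server-side check that runs on every request carrying a client-held grant. The following is an added example, not code from the PureKit SDK or its documentation: it fails closed on a grant that does not decrypt, belongs to another user, or has expired, and revokes the grant at sign-out. GrantGate, GrantService and the Grant record are hypothetical stand-ins declared here so the block runs without the SDK (Java 16+), and the in-memory fake assumes that an invalidated grant no longer decrypts.

```java
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
public class GrantGate {
    // Hypothetical stand-ins: the two methods mirror the calls shown on this page, the
    // record mirrors PureGrant's fields. ukp is left out: keep the key pair in request scope.
    record Grant(String userId, String sessionId, Date creationDate, Date expirationDate) {}
    interface GrantService {
        Grant decryptGrantFromUser(String encryptedGrantString) throws Exception;
        void invalidateEncryptedUserGrant(String encryptedGrantString) throws Exception;
    }
    private final GrantService pure;
    GrantGate(GrantService pure) { this.pure = pure; }
    // Returns the grant only if it decrypts, belongs to expectedUserId and has not expired.
    Grant authorize(String encryptedGrant, String expectedUserId, Date now) {
        if (encryptedGrant == null || encryptedGrant.isEmpty()) return null;
        try {
            Grant g = pure.decryptGrantFromUser(encryptedGrant);
            if (!g.userId().equals(expectedUserId)) return null; // issued to another user
            if (!now.before(g.expirationDate())) return null;    // session has expired
            return g;
        } catch (Exception e) {
            return null; // undecryptable or invalidated: fail closed, never log the grant
        }
    }
    // Sign-out: revoke on the server; the client discards its stored copy as well.
    void signOut(String encryptedGrant) throws Exception {
        pure.invalidateEncryptedUserGrant(encryptedGrant);
    }
    public static void main(String[] args) throws Exception {
        // Constructed fake: opaque token -> grant; removal models invalidation (assumption).
        Map<String, Grant> issued = new HashMap<>();
        issued.put("tok-alice", new Grant("alice", "s1", new Date(0), new Date(3_600_000)));
        GrantService fake = new GrantService() {
            public Grant decryptGrantFromUser(String s) throws Exception {
                Grant g = issued.get(s);
                if (g == null) throw new Exception("unknown or invalidated grant");
                return g;
            }
            public void invalidateEncryptedUserGrant(String s) { issued.remove(s); }
        };
        GrantGate gate = new GrantGate(fake);
        System.out.println(gate.authorize("tok-alice", "alice", new Date(1_000)) != null);
        System.out.println(gate.authorize("tok-alice", "bob", new Date(1_000)) != null);
        System.out.println(gate.authorize("tok-alice", "alice", new Date(3_600_000)) != null);
        gate.signOut("tok-alice");
        System.out.println(gate.authorize("tok-alice", "alice", new Date(1_000)) != null);
    }
}
```

The four calls in main cover a valid grant, a grant presented for the wrong user, an expired grant, and a grant used after sign-out; only the first is accepted.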