Overview
Thegrants client manages authorization grants — the records that track which users have authorized which agents with which scopes. Grants also support delegation, where a parent agent can create a sub-grant for a child agent.
Access the grants client via client.grants.
Get
Retrieve a single grant by its ID:List
List grants with optional filters:ListGrantsParams
ListGrantsResponse
Revoke
Revoke a grant by its ID. This immediately invalidates the grant and any tokens issued under it:Delegate
Create a delegated sub-grant for a child agent. The sub-agent receives a subset of the parent grant’s scopes:Parameters
All parameters are keyword-only.Verify
Verify a grant token online against the Grantex API. The SDK uses the server-verified claims returned byPOST /v1/grants/verify — it does not decode the caller-supplied token locally, so forged or tampered tokens are always rejected by the server before any claim is surfaced. Raises GrantexTokenError if the server reports the token as inactive (revoked, expired, or unknown):
VerifiedGrant dataclass. See Offline Verification for the full field reference.
For local signature-and-claim verification without the online revocation
endpoint, use
verify_grant_token(). The
standalone helper still fetches the remote JWKS on every invocation.Grant Type
TheGrant frozen dataclass has the following fields: