ConsentFlow Overview

The Consent Flow system allows organizations to create contracts that users can consent to, enabling controlled data sharing and credential issuance.

ConsentFlow contracts can also read and share My Skill Profile verifiable data fields such as Goals, Professional Title, Role Experience, Work Experience, Pay Rate, Work Life Balance, Job Stability, and Self-Assigned Skills. See Verifiable Data in ConsentFlow for details.

Architecture

The Consent Flow Contract system manages permissions and data sharing between profiles using a graph-based data model. It tracks what data can be shared, who has consented to share it, and maintains a transaction history of all consent-related activities.

The system consists of the following key components:

Profiles: Users who create contracts or consent to contracts
Contracts: Define data access requirements and permissions
Terms: Record a profile's consent to a contract with specific sharing preferences
Transactions: Record actions related to terms (consent, withdraw, update, sync, write)
Credentials: Can be issued or synced through contract consent
Auto-Boosts: Credentials automatically issued when a user consents to a contract

ConsentFlow Process

When a profile consents to a contract, the following steps occur:

The consent flow includes:

Verifying the terms are valid for the contract
Creating a terms record with status (live/stale)
Recording a consent transaction
Processing any auto-boosts (if configured)
Notifying the contract owner

Options when consenting:

expiresAt: Date when the consent expires
oneTime: If true, marks terms as "stale" after consent

App Store Integration Contracts

App Store listings can have a configured consent contract that simplifies the consent flow for embedded applications. Instead of managing contract URIs in your code, you configure the contract once in your App Store listing, and the SDK automatically resolves it at runtime.

How It Works

┌─────────────────┐     ┌──────────────────┐     ┌─────────────────┐
│  Embedded App   │────▶│  LearnCard Host  │────▶│  App Listing    │
│                 │     │                  │     │                 │
│ requestConsent()│     │  Resolve contract│     │  Integration    │
│  (no contractUri)│    │  from listing    │     │  Config         │
└─────────────────┘     └──────────────────┘     └─────────────────┘
                                                          │
                                                          ▼
                                                   ┌─────────────────┐
                                                   │  ConsentFlow    │
                                                   │  Contract       │
                                                   └─────────────────┘

The Resolution Flow:

Embedded app calls requestConsent() without a contractUri
LearnCard host identifies the current app from the iframe context
Host looks up the app's listing integration configuration
Configured contract is retrieved and used for the consent request
User sees the standard consent modal with the contract terms

Benefits

Simplified Code - No need to hardcode or manage contract URIs
Consistent Terms - All users consent to the same contract
Easy Updates - Change the contract in your listing without code changes
Environment Flexibility - Different contracts for staging/production

Configuration

To configure a contract for your App Store listing:

Go to your app listing in the LearnCard Developer Portal
Navigate to the Integration tab
Select a Consent Contract from your existing contracts
Save the configuration

Once configured, your embedded app can request consent without specifying the contract:

// The contract is automatically resolved from your listing
const result = await learnCard.requestConsent();

if (result.granted) {
    // User has consented to your configured contract
    proceedWithDataAccess();
}

Comparison: With vs Without Configured Contract

Without Configured Contract (External Apps):

// You must manage the contract URI
const CONTRACT_URI = 'lc:network:network.learncard.com/trpc:contract:abc123';

async function requestDataAccess() {
    const result = await learnCard.requestConsent(CONTRACT_URI);
    return result.granted;
}

With Configured Contract (App Store Apps):

// Contract is resolved automatically from listing
async function requestDataAccess() {
    const result = await learnCard.requestConsent();
    return result.granted;
}

Use Cases

AI Tutor Apps

Configure a contract that grants access to credentials and learning history
Use requestConsent() followed by requestLearnerContext() for AI personalization

Data Visualization Apps

Configure a contract for accessing credential data
Build dashboards without hardcoding contract references

Multi-Environment Workflows

Different contracts for development, staging, and production
Same code works across all environments

Prerequisites

Your app must be published in the LearnCard App Store
You must have created a ConsentFlow contract
The contract must be linked in your listing's integration settings

If your listing doesn't have a configured contract and you call requestConsent() without a contractUri, the request will fail with an error indicating no contract is configured.

PreviousConsent & Permissions NextConsent Contracts

Last updated 3 days ago

Was this helpful?