pub struct DelegateStep {
pub plugin_name: String,
pub config_override: Option<Value>,
pub on_error: Option<String>,
pub source: String,
}Expand description
One delegation invocation inside policy: or post_policy:.
At runtime the apl-cpex DelegationInvoker constructs a
cpex_core::delegation::DelegationPayload from
- the inbound bearer token (pulled from
Extensions.raw_credentials.inbound_tokens), - this step’s
args(target / audience / permissions / mode / attenuation, layered over the plugin’s configured defaults), - extensions-derived context (subject, prior delegation chain),
then calls manager.invoke_entries::<TokenDelegateHook>(...). On
success the resulting delegated_token is written into
Extensions.raw_credentials.delegated_tokens.* and the granted
scopes / audience surface as delegation.granted.* attributes
in the policy bag for downstream rules to inspect.
args is a free-form map because each delegation backend has its
own typed config shape; apl-core treats it as opaque and hands it
to the plugin via the existing per-call config-override pathway.
§Multiple delegate(...) in one phase (most-recent-wins)
Multiple delegate(...) steps in the same phase are supported —
each fires independently, each contributes to Extensions
(raw_credentials.delegated_tokens is a HashMap keyed on
audience+scope+mode so tokens accumulate; delegation.chain
grows with each hop). But the delegation.granted.* bag keys
are overwritten on each call — only the most recent
delegate’s grants are queryable from downstream require(...)
rules.
For fan-out flows that need multiple independently-queryable
grants, split into policy: + post_policy: or reach for a
future per-step as: alias (not in v0; see the design doc’s
“Open design questions” section).
Fields§
§plugin_name: StringPlugin name — must reference an entry in the top-level
plugins: block that registers under the token.delegate
hook.
config_override: Option<Value>Per-call config overrides applied for this delegation only.
Layered on top of the plugin’s default config; the framework’s
build_override_entries plumbing handles the merge.
Common keys: target, audience, permissions, mode,
attenuation. Schema is plugin-defined.
on_error: Option<String>deny | continue — what to do when the plugin returns a
deny (e.g. IdP refusal, network error). None defaults to
"deny" (fail-closed; matches PDP step semantics).
source: StringHuman-readable source path (e.g.
"route.get_compensation.policy[2]") — used in audit and
Decision::Deny.rule_source when the step denies.
Trait Implementations§
Source§impl Clone for DelegateStep
impl Clone for DelegateStep
Source§fn clone(&self) -> DelegateStep
fn clone(&self) -> DelegateStep
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for DelegateStep
impl Debug for DelegateStep
Source§impl<'de> Deserialize<'de> for DelegateStep
impl<'de> Deserialize<'de> for DelegateStep
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Source§impl PartialEq for DelegateStep
impl PartialEq for DelegateStep
Source§fn eq(&self, other: &DelegateStep) -> bool
fn eq(&self, other: &DelegateStep) -> bool
self and other values to be equal, and is used by ==.