pub fn issue_token(
agent_id: Uuid,
owner: &str,
config: &TokenConfig,
) -> Result<String, Error>Expand description
Issue a short-lived JWT for an agent.
Note: These tokens use HS256 (symmetric HMAC) and are intended for agent-to-admin-API authentication ONLY. They MUST NOT be validated through the proxy’s OAuth middleware, which restricts to asymmetric algorithms (RS256, ES256, etc.) per FIX-008. The proxy’s OAuth path is for external IdP tokens.
If you need agents to authenticate to the proxy via OAuth, issue tokens from an external IdP that uses asymmetric signing, and configure it as an OAuth issuer.