Struct DelegationApi 

pub struct DelegationApi;

DelegationApi

Requires auth.delegated_tokens.enabled = true in config.

Implementations

impl DelegationApi

pub async fn admin( cmd: DelegationAdminCommand, ) -> Result<DelegationAdminResponse, Error>

Execute explicit root-controlled delegation repair/prewarm operations.

impl DelegationApi

pub async fn store_proof( request: DelegationProofInstallRequest, kind: DelegationProvisionTargetKind, ) -> Result<(), Error>

impl DelegationApi

pub fn set_delegated_session_subject( delegated_subject: Principal, bootstrap_token: DelegatedToken, requested_ttl_secs: Option<u64>, ) -> Result<(), Error>

Persist a temporary delegated session subject for the caller wallet.

pub fn clear_delegated_session()

Remove the caller’s delegated session subject.

pub fn delegated_session_subject() -> Option<Principal>

Read the caller’s active delegated session subject, if configured.

pub fn prune_expired_delegated_sessions() -> usize

Prune all currently expired delegated sessions.

impl DelegationApi

pub fn verify_delegation_proof( proof: &DelegationProof, authority_pid: Principal, ) -> Result<(), Error>

Full delegation proof verification (structure + signature).

Purely local verification; does not read certified data or require a query context.

pub fn has_signing_proof() -> bool

Return whether this canister currently has a local signing proof.

pub async fn local_shard_public_key_sec1() -> Result<Vec<u8>, Error>

Resolve the local shard public key in SEC1 encoding.

pub async fn issue_token( claims: DelegatedTokenClaims, ) -> Result<DelegatedToken, Error>

Issue a delegated token using a reusable local proof when possible.

If the proof is missing or no longer valid for the requested claims, this performs canonical shard-initiated setup and retries with the refreshed proof.

pub fn verify_token( token: &DelegatedToken, authority_pid: Principal, now_secs: u64, ) -> Result<(), Error>

Full delegated token verification (structure + signature).

Purely local verification; does not read certified data or require a query context.

pub fn verify_token_verified( token: &DelegatedToken, authority_pid: Principal, now_secs: u64, ) -> Result<(DelegatedTokenClaims, DelegationCert), Error>

Verify a delegated token and return verified contents.

This is intended for application-layer session construction. It performs full verification and returns verified claims and cert.

pub fn verify_token_for_caller( token: &DelegatedToken, authority_pid: Principal, now_secs: u64, ) -> Result<(DelegatedTokenClaims, DelegationCert), Error>

Verify a delegated token and require its subject to match msg_caller().

This issuer-side helper does not require the old token audience to include the local signer, which allows stale-audience reissue flows.

pub async fn reissue_token<A>( token: DelegatedToken, aud: A, ) -> Result<DelegatedToken, Error>

where A: IntoIterator, A::Item: Borrow<Principal>,

Reissue a caller-bound token for a new audience without extending expiry.

Scopes and ext are preserved. The replacement expiry is capped at the old token expiry, so this refreshes audience only and does not renew the session.

pub async fn ensure_token<A>( token: Option<DelegatedToken>, aud: A, ) -> Result<DelegatedToken, Error>

where A: IntoIterator, A::Item: Borrow<Principal>,

Ensure the caller has a valid delegated token for the requested audience.

With no token, this mints a default verify-scoped token for msg_caller(). With a caller-bound token, this returns it unchanged when it already covers the audience or reissues it without extending expiry.

pub async fn reissue_token_from_verified( old_claims: DelegatedTokenClaims, replacement_claims: DelegatedTokenClaims, ) -> Result<DelegatedToken, Error>

Reissue a token from previously verified claims and proposed claims.

CANIC enforces same sub, same shard_pid, no expiry extension, and a default scope-subset rule.

pub async fn request_delegation( request: DelegationRequest, ) -> Result<DelegationProvisionResponse, Error>

Canonical shard-initiated delegation request (user_shard -> root).

Caller must match shard_pid and be registered to the subnet.

pub async fn request_role_attestation( request: RoleAttestationRequest, ) -> Result<SignedRoleAttestation, Error>

pub async fn attestation_key_set() -> Result<AttestationKeySet, Error>

pub async fn prewarm_root_key_material() -> Result<(), Error>

Warm the root delegation and attestation key caches once.

pub fn replace_attestation_key_set(key_set: AttestationKeySet)

pub async fn verify_role_attestation( attestation: &SignedRoleAttestation, min_accepted_epoch: u64, ) -> Result<(), Error>

impl DelegationApi

pub async fn request_delegation_root( request: DelegationRequest, ) -> Result<DelegationProvisionResponse, Error>

pub async fn request_role_attestation_root( request: RoleAttestationRequest, ) -> Result<SignedRoleAttestation, Error>