Struct AuthApi 

pub struct AuthApi;

AuthApi

Owns delegated-token helpers and root-signed role-attestation helpers.

Implementations

impl AuthApi

pub fn set_delegated_session_subject( delegated_subject: Principal, bootstrap_token: DelegatedToken, requested_ttl_secs: Option<u64>, ) -> Result<(), Error>

Persist a temporary delegated session subject for the caller wallet.

pub fn clear_delegated_session()

Remove the caller’s delegated session subject.

pub fn delegated_session_subject() -> Option<Principal>

Read the caller’s active delegated session subject, if configured.

pub fn prune_expired_delegated_sessions() -> usize

Prune all currently expired delegated sessions.

impl AuthApi

pub async fn local_shard_public_key_sec1() -> Result<Vec<u8>, Error>

Resolve the local shard public key in SEC1 encoding.

pub async fn issue_token( request: DelegatedTokenIssueRequest, ) -> Result<DelegatedToken, Error>

Issue a delegated token from an explicit self-contained proof.

pub async fn mint_token( request: DelegatedTokenMintRequest, ) -> Result<DelegatedToken, Error>

Request a root proof, then issue a self-contained delegated token.

pub fn verify_token( token: &DelegatedToken, max_cert_ttl_secs: u64, max_token_ttl_secs: u64, required_scopes: &[String], now_secs: u64, ) -> Result<(), Error>

Full delegated token verification without verifier-local proof lookup.

pub async fn request_delegation( request: DelegationProofIssueRequest, ) -> Result<DelegationProof, Error>

Request a self-contained delegation proof from root over RPC.

pub async fn issue_delegation_proof( request: DelegationProofIssueRequest, ) -> Result<DelegationProof, Error>

Issue a self-contained delegation proof from the local root.

pub async fn request_role_attestation( request: RoleAttestationRequest, ) -> Result<SignedRoleAttestation, Error>

Request a signed role attestation from root over RPC.

pub async fn attestation_key_set() -> Result<AttestationKeySet, Error>

Return the current root role-attestation key set.

pub async fn publish_root_auth_material() -> Result<(), Error>

Publish root auth material into subnet state and warm root-owned keys once.

pub fn replace_attestation_key_set(key_set: AttestationKeySet)

Replace the verifier-local role-attestation key set.

pub async fn verify_role_attestation( attestation: &SignedRoleAttestation, min_accepted_epoch: u64, ) -> Result<(), Error>

Verify a role attestation, refreshing root keys once on unknown key.

impl AuthApi

pub async fn request_role_attestation_root( request: RoleAttestationRequest, ) -> Result<SignedRoleAttestation, Error>