Skip to main content

canic_core/dto/auth/
common.rs

1//! Module: dto::auth::common
2//!
3//! Responsibility: shared delegated-auth DTO atoms.
4//! Does not own: validation, canonicalization, or authorization policy.
5//! Boundary: passive fields reused by auth proof, token, and renewal DTOs.
6
7use crate::dto::prelude::*;
8
9//
10// DelegationAudience
11//
12
13#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
14pub enum DelegationAudience {
15    Canister(Principal),
16    CanicSubnet(Principal),
17    Project(String),
18}
19
20//
21// DelegatedRoleGrant
22//
23
24#[derive(CandidType, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
25pub struct DelegatedRoleGrant {
26    pub target: CanisterRole,
27    pub scopes: Vec<String>,
28}
29
30//
31// AuthRequestMetadata
32//
33
34#[derive(CandidType, Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
35pub struct AuthRequestMetadata {
36    pub request_id: [u8; 32],
37    pub ttl_ns: u64,
38}