Auth access checks.
This bucket includes:
- caller identity checks (controller/whitelist)
- topology checks (parent/child/root/same canister)
- registry-based role checks
- delegated token verification
Security invariants for delegated tokens:
- Delegated tokens are only valid if their proof matches the currently stored delegation proof.
- Delegation rotation invalidates all previously issued delegated tokens.
- All temporal validation (iat/exp/now) is enforced before access is granted.
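
The three invariants above, modelled in Rust as an added example; this is not the crate's own code. The names `Proof`, `Token`, `State` and `Denied`, and the choice to treat `exp` as exclusive, are assumptions made for illustration.

```rust
// Hypothetical model of the delegated-token invariants; not the crate's API.

#[derive(Clone, PartialEq, Eq, Debug)]
pub struct Proof(pub [u8; 4]); // constructed stand-in for a delegation proof

pub struct Token { pub proof: Proof, pub iat: u64, pub exp: u64 }

#[derive(Debug, PartialEq, Eq)]
pub enum Denied { NoDelegation, ProofMismatch, BadWindow, NotYetValid, Expired }

pub struct State { pub current: Option<Proof> }

impl State {
    /// Rotation replaces the stored proof, so older tokens stop matching.
    pub fn rotate(&mut self, next: Proof) { self.current = Some(next); }

    /// Every check runs before Ok(()) is returned; any failure denies access.
    pub fn verify(&self, t: &Token, now: u64) -> Result<(), Denied> {
        // Invariant 1: the token's proof must equal the currently stored proof.
        let stored = self.current.as_ref().ok_or(Denied::NoDelegation)?;
        if &t.proof != stored { return Err(Denied::ProofMismatch); }
        // Invariant 3: iat/exp/now are all checked before access is granted.
        if t.iat > t.exp { return Err(Denied::BadWindow); }
        if now < t.iat { return Err(Denied::NotYetValid); }
        if now >= t.exp { return Err(Denied::Expired); } // assumption: exp is exclusive
        Ok(())
    }
}

/// Runs a constructed token through the checks before and after rotation.
pub fn demo() -> Vec<Result<(), Denied>> {
    let mut st = State { current: None };
    let old = Token { proof: Proof([1, 1, 1, 1]), iat: 100, exp: 200 };
    let mut out = vec![st.verify(&old, 150)]; // no delegation stored yet
    st.rotate(Proof([1, 1, 1, 1]));
    out.push(st.verify(&old, 150)); // proof matches, inside the time window
    out.push(st.verify(&old, 99));  // before iat
    out.push(st.verify(&old, 200)); // at exp
    // Invariant 2: rotation invalidates every previously issued token.
    st.rotate(Proof([2, 2, 2, 2]));
    out.push(st.verify(&old, 150));
    out
}

fn main() {
    for r in demo() { println!("{:?}", r); }
}
```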
Functions
- authenticated - Verify a delegated token read from the ingress payload.
- has_role - Require that the caller is registered with the expected canister role.
- is_child - Require that the caller is a direct child of the current canister.
- is_controller - Require that the caller controls the current canister. Allows controller-only maintenance calls.
- is_parent - Require that the caller is the configured parent canister.
- is_registered_to_subnet - Ensure the caller matches the app directory entry recorded for role. Require that the caller is registered as a canister on this subnet.
- is_root - Require that the caller equals the configured root canister.
- is_same_canister - Require that the caller is the currently executing canister.
- is_whitelisted - Require that the caller appears in the active whitelist (IC deployments). No-op on local builds; enforces whitelist on IC.