Struct DelegationApi 

pub struct DelegationApi;

DelegationApi

Requires auth.delegated_tokens.enabled = true in config.

Implementations

impl DelegationApi

pub async fn admin( cmd: DelegationAdminCommand, ) -> Result<DelegationAdminResponse, Error>

Execute explicit root-controlled delegation repair/prewarm operations.

impl DelegationApi

pub async fn store_proof( request: DelegationProofInstallRequest, kind: DelegationProvisionTargetKind, ) -> Result<(), Error>

impl DelegationApi

pub fn set_delegated_session_subject( delegated_subject: Principal, bootstrap_token: DelegatedToken, requested_ttl_secs: Option<u64>, ) -> Result<(), Error>

Persist a temporary delegated session subject for the caller wallet.

pub fn clear_delegated_session()

Remove the caller’s delegated session subject.

pub fn delegated_session_subject() -> Option<Principal>

Read the caller’s active delegated session subject, if configured.

pub fn prune_expired_delegated_sessions() -> usize

Prune all currently expired delegated sessions.

impl DelegationApi

pub fn verify_delegation_proof( proof: &DelegationProof, authority_pid: Principal, ) -> Result<(), Error>

Full delegation proof verification (structure + signature).

Purely local verification; does not read certified data or require a query context.

pub async fn issue_token( claims: DelegatedTokenClaims, ) -> Result<DelegatedToken, Error>

Issue a delegated token using a reusable local proof when possible.

If the proof is missing or no longer valid for the requested claims, this performs canonical shard-initiated setup and retries with the refreshed proof.

pub fn verify_token( token: &DelegatedToken, authority_pid: Principal, now_secs: u64, ) -> Result<(), Error>

Full delegated token verification (structure + signature).

Purely local verification; does not read certified data or require a query context.

pub fn verify_token_verified( token: &DelegatedToken, authority_pid: Principal, now_secs: u64, ) -> Result<(DelegatedTokenClaims, DelegationCert), Error>

Verify a delegated token and return verified contents.

This is intended for application-layer session construction. It performs full verification and returns verified claims and cert.

pub async fn request_delegation( request: DelegationRequest, ) -> Result<DelegationProvisionResponse, Error>

Canonical shard-initiated delegation request (user_shard -> root).

Caller must match shard_pid and be registered to the subnet.

pub async fn request_role_attestation( request: RoleAttestationRequest, ) -> Result<SignedRoleAttestation, Error>

pub async fn attestation_key_set() -> Result<AttestationKeySet, Error>

pub fn replace_attestation_key_set(key_set: AttestationKeySet)

pub async fn verify_role_attestation( attestation: &SignedRoleAttestation, min_accepted_epoch: u64, ) -> Result<(), Error>

impl DelegationApi

pub async fn request_delegation_root( request: DelegationRequest, ) -> Result<DelegationProvisionResponse, Error>

pub async fn request_role_attestation_root( request: RoleAttestationRequest, ) -> Result<SignedRoleAttestation, Error>