Function verify_token_local 

pub fn verify_token_local(
    token: &str,
    public_key: PublicKey,
    subject: &str,
    resource: &str,
    operation: &str,
) -> Result<(), TokenError>

Verifies a Biscuit authorization token locally without contacting the authorization server.

This function performs local verification of a Biscuit token using the provided public key. It validates that the token grants access to the specified resource for the given subject.

Arguments

• token - The base64-encoded Biscuit token string
• public_key - The public key used to verify the token signature
• subject - The subject (user) identifier to verify authorization for
• resource - The resource identifier to verify authorization against
• operation - The operation to verify authorization for

Returns

• Ok(()) - If the token is valid and grants access to the resource
• Err(TokenError) - If verification fails for any reason

Errors

Returns an error if:

• The token is malformed or cannot be parsed
• The token signature is invalid
• The token does not grant the required access rights
• The token has expired or other authorization checks fail