issuance

Structs

Enums

Functions

  • issue_capability - Evaluate the request against the loaded Cedar bundle and, on allow, mint a signed PASETO v4 token.

Enum

Failure modes for the issuance pipeline.

Variants:

  • Denied{ reason: String, message: String } - Cedar evaluation refused to issue. Carries the structured reason
  • Sign(String) - PASETO signing failed.

Traits: Error

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result
  • Display
    • fn fmt(self: &Self, __formatter: &mut ::core::fmt::Formatter) -> ::core::fmt::Result

firma_authority::issuance::IssuanceRequest

Struct

Inputs the issuer needs to evaluate and sign a token.

Generic Parameters:

  • 'a

Fields:

  • agent_id: &'a firma_core::AgentId
  • session_id: &'a firma_core::SessionId
  • requested_actions: &'a [String]
  • resource_scope: &'a str
  • requested_ttl_seconds: i32 - Requested TTL in seconds. 0 (or negative) means “use the configured maximum”.

Struct

Successful issuance output.

Fields:

  • raw_token: String
  • claims: firma_core::CapabilityClaims

Trait Implementations:

  • Debug
    • fn fmt(self: &Self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result

firma_authority::issuance::issue_capability

Function

Evaluate the request against the loaded Cedar bundle and, on allow, mint a signed PASETO v4 token.

Returns [IssuanceError::Denied] when Cedar denies, or [IssuanceError::Sign] when PASETO signing fails.

fn issue_capability(policy_store: &crate::cedar_loader::CedarPolicyStore, signer: &std::sync::Arc<firma_core::token::paseto::PasetoV4Signer>, max_ttl_seconds: i32, req: &IssuanceRequest) -> Result<IssuanceResult, IssuanceError>
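Caller-side handling of the two documented failure modes and of the requested_ttl_seconds rule, as an added example that is not code from the firma_authority crate. The enum is a local mirror of the variants listed above so the block compiles on its own; effective_ttl, to_response, the HTTP status codes, and the clamping of requests above the maximum are assumptions made for illustration.

```rust
// Local mirror of the documented IssuanceError variants (not the crate's type).
#[derive(Debug)]
enum IssuanceError {
    Denied { reason: String, message: String },
    Sign(String),
}

/// Hypothetical helper applying the documented rule: 0 or a negative value
/// means "use the configured maximum".
/// Assumption: a request above the maximum is clamped down to it.
fn effective_ttl(requested_ttl_seconds: i32, max_ttl_seconds: i32) -> i32 {
    if requested_ttl_seconds <= 0 {
        max_ttl_seconds
    } else {
        requested_ttl_seconds.min(max_ttl_seconds)
    }
}

/// Hypothetical mapping from an issuance outcome to (status, body).
/// `Ok` carries the raw token string, standing in for IssuanceResult.raw_token.
fn to_response(outcome: Result<String, IssuanceError>) -> (u16, String) {
    match outcome {
        Ok(raw_token) => (200, raw_token),
        // A policy denial is an expected outcome: surface the structured
        // reason so the caller and the audit trail can act on it.
        Err(IssuanceError::Denied { reason, message }) => {
            (403, format!("{}: {}", reason, message))
        }
        // A signing failure is internal: keep the detail in server logs and
        // return a generic body so key-handling errors are not disclosed.
        Err(IssuanceError::Sign(detail)) => {
            eprintln!("issuance: PASETO signing failed: {}", detail);
            (500, "internal error".to_string())
        }
    }
}

fn main() {
    // Constructed sample values.
    println!("ttl = {}", effective_ttl(0, 900));
    let denied = IssuanceError::Denied {
        reason: "scope_not_permitted".into(),
        message: "agent may not write to this resource".into(),
    };
    println!("{:?}", to_response(Err(denied)));
    println!("{:?}", to_response(Err(IssuanceError::Sign("key unavailable".into()))));
}
```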