Class CapabilityTokenGrant
- Namespace
- AsiBackbone.Core.CapabilityTokens
- Assembly
- AsiBackbone.Core.dll
Represents a provider-neutral, short-lived capability grant for follow-on governed execution.
public sealed class CapabilityTokenGrant
- Inheritance
-
CapabilityTokenGrant
- Inherited Members
Remarks
The grant is a metadata model, not a bearer-token format. Hosts decide how this grant is serialized, transported, protected, and bound to their authentication and authorization systems.
Properties
AcknowledgmentId
Gets the acknowledgment identifier bound to the grant, when supplied.
public string? AcknowledgmentId { get; }
Property Value
Audience
Gets the intended audience for the grant.
public string Audience { get; }
Property Value
ExpiresUtc
Gets the UTC timestamp when the grant expires.
public DateTimeOffset ExpiresUtc { get; }
Property Value
GatewayBinding
Gets the optional gateway binding used to limit execution context.
public string? GatewayBinding { get; }
Property Value
HandshakeId
Gets the handshake identifier bound to the grant, when supplied.
public string? HandshakeId { get; }
Property Value
HasAcknowledgmentReference
Gets a value indicating whether an acknowledgment reference is present.
public bool HasAcknowledgmentReference { get; }
Property Value
HasHandshakeReference
Gets a value indicating whether a handshake reference is present.
public bool HasHandshakeReference { get; }
Property Value
HasMetadata
Gets a value indicating whether additional metadata is present.
public bool HasMetadata { get; }
Property Value
IssuedUtc
Gets the UTC timestamp when the grant was issued.
public DateTimeOffset IssuedUtc { get; }
Property Value
Issuer
Gets the issuer that created the grant.
public string Issuer { get; }
Property Value
Metadata
Gets provider-neutral metadata carried with the grant.
public IReadOnlyDictionary<string, string> Metadata { get; }
Property Value
NotBeforeUtc
Gets the UTC timestamp before which the grant is not valid.
public DateTimeOffset? NotBeforeUtc { get; }
Property Value
OperationName
Gets the operation name or action family the grant is intended to authorize.
public string? OperationName { get; }
Property Value
PolicyHash
Gets the policy hash bound to the grant, when supplied.
public string? PolicyHash { get; }
Property Value
PolicyVersion
Gets the policy version bound to the grant, when supplied.
public string? PolicyVersion { get; }
Property Value
ResourceBinding
Gets the optional resource binding used to limit the target resource.
public string? ResourceBinding { get; }
Property Value
SchemaVersion
Gets the canonical schema version for this grant.
public string SchemaVersion { get; }
Property Value
Scopes
Gets the least-privilege scopes carried by the grant.
public IReadOnlyList<string> Scopes { get; }
Property Value
SubjectId
Gets the host-defined subject identifier, when supplied.
public string? SubjectId { get; }
Property Value
TokenId
Gets the stable grant identifier used for validation and replay checks.
public string TokenId { get; }
Property Value
Methods
Create(string, string, string, IEnumerable<string>, DateTimeOffset, DateTimeOffset, DateTimeOffset?, string?, string?, string?, string?, string?, string?, string?, string?, IReadOnlyDictionary<string, string>?, string?)
Creates a provider-neutral capability grant.
public static CapabilityTokenGrant Create(string tokenId, string issuer, string audience, IEnumerable<string> scopes, DateTimeOffset issuedUtc, DateTimeOffset expiresUtc, DateTimeOffset? notBeforeUtc = null, string? subjectId = null, string? operationName = null, string? policyVersion = null, string? policyHash = null, string? acknowledgmentId = null, string? handshakeId = null, string? gatewayBinding = null, string? resourceBinding = null, IReadOnlyDictionary<string, string>? metadata = null, string? schemaVersion = null)
Parameters
- tokenId: string
- issuer: string
- audience: string
- scopes: IEnumerable<string>
- issuedUtc: DateTimeOffset
- expiresUtc: DateTimeOffset
- notBeforeUtc: DateTimeOffset?
- subjectId: string
- operationName: string
- policyVersion: string
- policyHash: string
- acknowledgmentId: string
- handshakeId: string
- gatewayBinding: string
- resourceBinding: string
- metadata: IReadOnlyDictionary<string, string>
- schemaVersion: string
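
Because the grant is a metadata model and the host decides how it is protected and bound, the host also has to enforce the validity window, audience, scopes, resource binding and TokenId replay check itself. The following is an added example, not code from AsiBackbone: `GrantCheck`, its in-memory replay cache, the clock-skew parameter and all sample values are hypothetical, and only the `Create` signature and the properties documented above are used. It assumes the grant was already integrity-checked and its issuer trusted by whatever transport protection the host applies.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using AsiBackbone.Core.CapabilityTokens;

// Hypothetical host-side acceptance check; GrantCheck is not an AsiBackbone type.
public static class GrantCheck
{
    // Constructed in-memory replay cache keyed by TokenId. A real host would
    // use a shared store and evict entries once ExpiresUtc has passed.
    private static readonly HashSet<string> Seen = new(StringComparer.Ordinal);

    // Returns null when the grant is acceptable, otherwise the rejection reason.
    public static string? Reject(CapabilityTokenGrant g, string audience, string scope,
                                 string? resource, DateTimeOffset now, TimeSpan skew)
    {
        if (now >= g.ExpiresUtc + skew) return "expired";
        if (g.NotBeforeUtc is { } nbf && now < nbf - skew) return "not yet valid";
        if (!string.Equals(g.Audience, audience, StringComparison.Ordinal)) return "wrong audience";
        if (!g.Scopes.Contains(scope, StringComparer.Ordinal)) return "scope not granted";
        if (g.ResourceBinding is not null &&
            !string.Equals(g.ResourceBinding, resource, StringComparison.Ordinal)) return "resource mismatch";
        // Checked last so a rejected attempt does not consume the TokenId.
        lock (Seen) { if (!Seen.Add(g.TokenId)) return "replayed"; }
        return null;
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var skew = TimeSpan.FromSeconds(5);
        // All values below are constructed sample data.
        var grant = CapabilityTokenGrant.Create(
            tokenId: "grant-0001", issuer: "example-issuer", audience: "example-executor",
            scopes: new[] { "files:read" }, issuedUtc: now, expiresUtc: now.AddMinutes(2),
            resourceBinding: "doc/42");

        // First use, second use of the same TokenId, wrong audience, and a late request.
        Console.WriteLine(Reject(grant, "example-executor", "files:read", "doc/42", now, skew) ?? "accepted");
        Console.WriteLine(Reject(grant, "example-executor", "files:read", "doc/42", now, skew) ?? "accepted");
        Console.WriteLine(Reject(grant, "other-service", "files:read", "doc/42", now, skew) ?? "accepted");
        Console.WriteLine(Reject(grant, "example-executor", "files:read", "doc/42", now.AddMinutes(3), skew) ?? "accepted");
    }
}
```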