token/delegation/delegation.go

// Package delegation implements the UCAN [delegation] specification with
// an immutable Token type as well as methods to convert the Token to and
// from the [envelope]-enclosed, signed and DAG-CBOR-encoded form that
// should most commonly be used for transport and storage.
//
// [delegation]: https://github.com/ucan-wg/delegation/tree/v1_ipld
// [envelope]: https://github.com/ucan-wg/spec#envelope
package delegation

// TODO: change the "delegation" link above when the specification is merged

import (
	"errors"
	"fmt"
	"time"

	"github.com/ucan-wg/go-ucan/did"
	"github.com/ucan-wg/go-ucan/pkg/command"
	"github.com/ucan-wg/go-ucan/pkg/meta"
	"github.com/ucan-wg/go-ucan/pkg/policy"
	"github.com/ucan-wg/go-ucan/pkg/policy/limits"
	"github.com/ucan-wg/go-ucan/token/internal/nonce"
	"github.com/ucan-wg/go-ucan/token/internal/parse"
)

// Token is an immutable type that holds the fields of a UCAN delegation.
type Token struct {
	// Issuer DID (sender)
	issuer did.DID
	// Audience DID (receiver)
	audience did.DID
	// Principal that the chain is about (the Subject)
	subject did.DID
	// The Command to eventually invoke
	command command.Command
	// The delegation policy
	policy policy.Policy
	// A unique, random nonce
	nonce []byte
	// Arbitrary Metadata
	meta *meta.Meta
	// "Not before" UTC Unix Timestamp in seconds (valid from), 53-bits integer
	notBefore *time.Time
	// The timestamp at which the Invocation becomes invalid
	expiration *time.Time
}

// New creates a validated Token from the provided parameters and options.
//
// When creating a delegated token, the Issuer's (iss) DID is assembled
// using the public key associated with the private key sent as the first
// parameter.
func New(iss, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) {
	tkn := &Token{
		issuer:   iss,
		audience: aud,
		subject:  did.Undef,
		command:  cmd,
		policy:   pol,
		meta:     meta.NewMeta(),
		nonce:    nil,
	}

	for _, opt := range opts {
		if err := opt(tkn); err != nil {
			return nil, err
		}
	}

	var err error
	if len(tkn.nonce) == 0 {
		tkn.nonce, err = nonce.Generate()
		if err != nil {
			return nil, err
		}
	}

	if err := tkn.validate(); err != nil {
		return nil, err
	}

	return tkn, nil
}

// Root creates a validated UCAN delegation Token from the provided
// parameters and options.
//
// When creating a root token, both the Issuer's (iss) and Subject's
// (sub) DIDs are assembled from the public key associated with the
// private key passed as the first argument.
func Root(iss, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) {
	opts = append(opts, WithSubject(iss))

	return New(iss, aud, cmd, pol, opts...)
}

// Issuer returns the did.DID representing the Token's issuer.
func (t *Token) Issuer() did.DID {
	return t.issuer
}

// Audience returns the did.DID representing the Token's audience.
func (t *Token) Audience() did.DID {
	return t.audience
}

// Subject returns the did.DID representing the Token's subject.
//
// This field may be did.Undef for delegations that are [Powerlined] but
// must be equal to the value returned by the Issuer method for root
// tokens.
func (t *Token) Subject() did.DID {
	return t.subject
}

// Command returns the capability's command.Command.
func (t *Token) Command() command.Command {
	return t.command
}

// Policy returns the capability's policy.Policy.
func (t *Token) Policy() policy.Policy {
	return t.policy
}

// Nonce returns the random Nonce encapsulated in this Token.
func (t *Token) Nonce() []byte {
	return t.nonce
}

// Meta returns the Token's metadata.
func (t *Token) Meta() meta.ReadOnly {
	return t.meta.ReadOnly()
}

// NotBefore returns the time at which the Token becomes "active".
func (t *Token) NotBefore() *time.Time {
	return t.notBefore
}

// Expiration returns the time at which the Token expires.
func (t *Token) Expiration() *time.Time {
	return t.expiration
}

// IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
func (t *Token) IsValidNow() bool {
	return t.IsValidAt(time.Now())
}

// IsValidNow verifies that the token can be used at the given time, based on expiration or "not before" fields.
// This does NOT do any other kind of verifications.
func (t *Token) IsValidAt(ti time.Time) bool {
	if t.expiration != nil && ti.After(*t.expiration) {
		return false
	}
	if t.notBefore != nil && ti.Before(*t.notBefore) {
		return false
	}
	return true
}

func (t *Token) validate() error {
	var errs error

	requiredDID := func(id did.DID, fieldname string) {
		if !id.Defined() {
			errs = errors.Join(errs, fmt.Errorf(`a valid did is required for %s: %s`, fieldname, id.String()))
		}
	}

	requiredDID(t.issuer, "Issuer")
	requiredDID(t.audience, "Audience")

	if len(t.nonce) < 12 {
		errs = errors.Join(errs, fmt.Errorf("token nonce too small"))
	}

	if t.notBefore != nil {
		if err := validateTimestamp(t.notBefore.Unix(), "nbf"); err != nil {
			errs = errors.Join(errs, err)
		}
	}

	if t.expiration != nil {
		if err := validateTimestamp(t.expiration.Unix(), "exp"); err != nil {
			errs = errors.Join(errs, err)
		}
	}

	return errs
}

// tokenFromModel build a decoded view of the raw IPLD data.
// This function also serves as validation.
func tokenFromModel(m tokenPayloadModel) (*Token, error) {
	var (
		tkn Token
		err error
	)

	tkn.issuer, err = did.Parse(m.Iss)
	if err != nil {
		return nil, fmt.Errorf("parse iss: %w", err)
	}

	if tkn.audience, err = did.Parse(m.Aud); err != nil {
		return nil, fmt.Errorf("parse audience: %w", err)
	}

	if tkn.subject, err = parse.OptionalDID(m.Sub); err != nil {
		return nil, fmt.Errorf("parse subject: %w", err)
	}

	if tkn.command, err = command.Parse(m.Cmd); err != nil {
		return nil, fmt.Errorf("parse command: %w", err)
	}

	if tkn.policy, err = policy.FromIPLD(m.Pol); err != nil {
		return nil, fmt.Errorf("parse policy: %w", err)
	}

	if len(m.Nonce) == 0 {
		return nil, fmt.Errorf("nonce is required")
	}
	tkn.nonce = m.Nonce

	tkn.meta = m.Meta

	tkn.notBefore = parse.OptionalTimestamp(m.Nbf)
	tkn.expiration = parse.OptionalTimestamp(m.Exp)

	if err := tkn.validate(); err != nil {
		return nil, err
	}

	return &tkn, nil
}

func validateTimestamp(ts int64, field string) error {
	if ts > limits.MaxInt53 || ts < limits.MinInt53 {
		return fmt.Errorf("token %s timestamp %d exceeds safe integer bounds", field, ts)
	}

	return nil
}
docs: finish Go docs for CID and delegation.Token 2024-09-24 08:20:42 -04:00			`// Package delegation implements the UCAN [delegation] specification with`
			`// an immutable Token type as well as methods to convert the Token to and`
			`// from the [envelope]-enclosed, signed and DAG-CBOR-encoded form that`
			`// should most commonly be used for transport and storage.`
			`//`
			`// [delegation]: https://github.com/ucan-wg/delegation/tree/v1_ipld`
			`// [envelope]: https://github.com/ucan-wg/spec#envelope`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`package delegation`

docs: finish Go docs for CID and delegation.Token 2024-09-24 08:20:42 -04:00			`// TODO: change the "delegation" link above when the specification is merged`

delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`import (`
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`"errors"`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`"fmt"`
			`"time"`

fix import paths 2024-09-05 18:49:01 +02:00			`"github.com/ucan-wg/go-ucan/did"`
feat: reorganize packages 2024-09-24 11:40:28 -04:00			`"github.com/ucan-wg/go-ucan/pkg/command"`
delegation: use the fancy Meta 2024-09-19 10:48:25 +02:00			`"github.com/ucan-wg/go-ucan/pkg/meta"`
feat: reorganize packages 2024-09-24 11:40:28 -04:00			`"github.com/ucan-wg/go-ucan/pkg/policy"`
validate token timestamps integer limits 2024-12-02 11:37:03 +01:00			`"github.com/ucan-wg/go-ucan/pkg/policy/limits"`
token: move nonce generation to a shared space 2024-11-12 10:38:25 +01:00			`"github.com/ucan-wg/go-ucan/token/internal/nonce"`
invocation: round of cleanups/fixes 2024-11-05 17:39:39 +01:00			`"github.com/ucan-wg/go-ucan/token/internal/parse"`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`)`

docs: finish Go docs for CID and delegation.Token 2024-09-24 08:20:42 -04:00			`// Token is an immutable type that holds the fields of a UCAN delegation.`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`type Token struct {`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// Issuer DID (sender)`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`issuer did.DID`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// Audience DID (receiver)`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`audience did.DID`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// Principal that the chain is about (the Subject)`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`subject did.DID`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// The Command to eventually invoke`
delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`command command.Command`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// The delegation policy`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`policy policy.Policy`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// A unique, random nonce`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`nonce []byte`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// Arbitrary Metadata`
delegation: use the fancy Meta 2024-09-19 10:48:25 +02:00			`meta *meta.Meta`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// "Not before" UTC Unix Timestamp in seconds (valid from), 53-bits integer`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`notBefore *time.Time`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// The timestamp at which the Invocation becomes invalid`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`expiration *time.Time`
			`}`

feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`// New creates a validated Token from the provided parameters and options.`
docs(delegation): add examples for New(), Root() and delegation.Token.FromSeald() 2024-09-24 15:31:34 -04:00			`//`
various sanding everywhere towards building the tookit 2024-11-20 12:34:24 +01:00			`// When creating a delegated token, the Issuer's (iss) DID is assembled`
docs(delegation): add examples for New(), Root() and delegation.Token.FromSeald() 2024-09-24 15:31:34 -04:00			`// using the public key associated with the private key sent as the first`
			`// parameter.`
delegation: WIP harmonisation of the constructors, issuer verification 2024-11-20 15:59:13 +01:00			`func New(iss, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) {`
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`tkn := &Token{`
			`issuer: iss,`
			`audience: aud,`
			`subject: did.Undef,`
			`command: cmd,`
			`policy: pol,`
delegation: use the fancy Meta 2024-09-19 10:48:25 +02:00			`meta: meta.NewMeta(),`
delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`nonce: nil,`
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`}`

			`for _, opt := range opts {`
			`if err := opt(tkn); err != nil {`
			`return nil, err`
			`}`
			`}`

delegation: WIP harmonisation of the constructors, issuer verification 2024-11-20 15:59:13 +01:00			`var err error`
delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`if len(tkn.nonce) == 0 {`
token: move nonce generation to a shared space 2024-11-12 10:38:25 +01:00			`tkn.nonce, err = nonce.Generate()`
delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`if err != nil {`
			`return nil, err`
			`}`
			`}`

feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`if err := tkn.validate(); err != nil {`
			`return nil, err`
			`}`

			`return tkn, nil`
			`}`

docs(delegation): add examples for New(), Root() and delegation.Token.FromSeald() 2024-09-24 15:31:34 -04:00			`// Root creates a validated UCAN delegation Token from the provided`
			`// parameters and options.`
			`//`
			`// When creating a root token, both the Issuer's (iss) and Subject's`
			`// (sub) DIDs are assembled from the public key associated with the`
			`// private key passed as the first argument.`
delegation: WIP harmonisation of the constructors, issuer verification 2024-11-20 15:59:13 +01:00			`func Root(iss, aud did.DID, cmd command.Command, pol policy.Policy, opts ...Option) (*Token, error) {`
			`opts = append(opts, WithSubject(iss))`
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00
delegation: WIP harmonisation of the constructors, issuer verification 2024-11-20 15:59:13 +01:00			`return New(iss, aud, cmd, pol, opts...)`
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`}`

feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`// Issuer returns the did.DID representing the Token's issuer.`
			`func (t *Token) Issuer() did.DID {`
			`return t.issuer`
			`}`

			`// Audience returns the did.DID representing the Token's audience.`
			`func (t *Token) Audience() did.DID {`
			`return t.audience`
			`}`

			`// Subject returns the did.DID representing the Token's subject.`
			`//`
			`// This field may be did.Undef for delegations that are [Powerlined] but`
			`// must be equal to the value returned by the Issuer method for root`
			`// tokens.`
			`func (t *Token) Subject() did.DID {`
			`return t.subject`
			`}`

			`// Command returns the capability's command.Command.`
delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`func (t *Token) Command() command.Command {`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`return t.command`
			`}`

			`// Policy returns the capability's policy.Policy.`
			`func (t *Token) Policy() policy.Policy {`
			`return t.policy`
			`}`

			`// Nonce returns the random Nonce encapsulated in this Token.`
			`func (t *Token) Nonce() []byte {`
			`return t.nonce`
			`}`

			`// Meta returns the Token's metadata.`
meta: make a read-only version to enforce token immutability 2024-11-06 15:17:35 +01:00			`func (t *Token) Meta() meta.ReadOnly {`
			`return t.meta.ReadOnly()`
feat(delegation): Rename View -> Token and make immutable (unexported fields and accessors) 2024-09-18 14:21:53 -04:00			`}`

			`// NotBefore returns the time at which the Token becomes "active".`
			`func (t Token) NotBefore() time.Time {`
			`return t.notBefore`
			`}`

			`// Expiration returns the time at which the Token expires.`
			`func (t Token) Expiration() time.Time {`
			`return t.expiration`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`}`

wip API exploration 2024-10-18 10:48:47 +02:00			`// IsValidNow verifies that the token can be used at the current time, based on expiration or "not before" fields.`
			`// This does NOT do any other kind of verifications.`
			`func (t *Token) IsValidNow() bool {`
			`return t.IsValidAt(time.Now())`
			`}`

			`// IsValidNow verifies that the token can be used at the given time, based on expiration or "not before" fields.`
			`// This does NOT do any other kind of verifications.`
			`func (t *Token) IsValidAt(ti time.Time) bool {`
fix: issues discovered by invocation validation tests 2024-11-13 12:40:25 -05:00			`if t.expiration != nil && ti.After(*t.expiration) {`
wip API exploration 2024-10-18 10:48:47 +02:00			`return false`
			`}`
			`if t.notBefore != nil && ti.Before(*t.notBefore) {`
			`return false`
			`}`
			`return true`
			`}`

feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`func (t *Token) validate() error {`
			`var errs error`

			`requiredDID := func(id did.DID, fieldname string) {`
delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`if !id.Defined() {`
			errs = errors.Join(errs, fmt.Errorf(`a valid did is required for %s: %s`, fieldname, id.String()))
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`}`
			`}`

			`requiredDID(t.issuer, "Issuer")`
			`requiredDID(t.audience, "Audience")`

delegation: tune the validation step - avoid a double parsing when the flow already parsed (command, policy) - don't require a did:key, as other types are legal (but might require a resolver, TODO) - make the command a struct instead of a pointer: we don't need to avoid copy, and the pointer can be interpreted as nil - make the nonce parameter optional, but generate one if none is given 2024-09-19 11:16:33 +02:00			`if len(t.nonce) < 12 {`
			`errs = errors.Join(errs, fmt.Errorf("token nonce too small"))`
feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`}`

validate token timestamps integer limits 2024-12-02 11:37:03 +01:00			`if t.notBefore != nil {`
			`if err := validateTimestamp(t.notBefore.Unix(), "nbf"); err != nil {`
			`errs = errors.Join(errs, err)`
			`}`
			`}`

			`if t.expiration != nil {`
			`if err := validateTimestamp(t.expiration.Unix(), "exp"); err != nil {`
			`errs = errors.Join(errs, err)`
			`}`
			`}`

feat(delegation): copy Option plus New and Root constructors from the envelope branch 2024-09-18 15:48:07 -04:00			`return errs`
			`}`

fix(delegation): finish (haha) validation for tokens coming off the wire and for newly constructed tokens 2024-09-18 15:53:29 -04:00			`// tokenFromModel build a decoded view of the raw IPLD data.`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`// This function also serves as validation.`
fix(delegation): finish (haha) validation for tokens coming off the wire and for newly constructed tokens 2024-09-18 15:53:29 -04:00			`func tokenFromModel(m tokenPayloadModel) (*Token, error) {`
			`var (`
			`tkn Token`
			`err error`
			`)`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
fix(delegation): finish (haha) validation for tokens coming off the wire and for newly constructed tokens 2024-09-18 15:53:29 -04:00			`tkn.issuer, err = did.Parse(m.Iss)`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`if err != nil {`
			`return nil, fmt.Errorf("parse iss: %w", err)`
			`}`

invocation: round of cleanups/fixes 2024-11-05 17:39:39 +01:00			`if tkn.audience, err = did.Parse(m.Aud); err != nil {`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`return nil, fmt.Errorf("parse audience: %w", err)`
			`}`

invocation: round of cleanups/fixes 2024-11-05 17:39:39 +01:00			`if tkn.subject, err = parse.OptionalDID(m.Sub); err != nil {`
			`return nil, fmt.Errorf("parse subject: %w", err)`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`}`

invocation: round of cleanups/fixes 2024-11-05 17:39:39 +01:00			`if tkn.command, err = command.Parse(m.Cmd); err != nil {`
delegation: complete view setup 2024-09-02 02:34:00 +02:00			`return nil, fmt.Errorf("parse command: %w", err)`
			`}`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
invocation: round of cleanups/fixes 2024-11-05 17:39:39 +01:00			`if tkn.policy, err = policy.FromIPLD(m.Pol); err != nil {`
delegation: complete view setup 2024-09-02 02:34:00 +02:00			`return nil, fmt.Errorf("parse policy: %w", err)`
			`}`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
			`if len(m.Nonce) == 0 {`
			`return nil, fmt.Errorf("nonce is required")`
			`}`
fix(delegation): finish (haha) validation for tokens coming off the wire and for newly constructed tokens 2024-09-18 15:53:29 -04:00			`tkn.nonce = m.Nonce`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
fix(delegation): meta is optional 2024-10-24 13:43:52 -04:00			`tkn.meta = m.Meta`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
invocation: round of cleanups/fixes 2024-11-05 17:39:39 +01:00			`tkn.notBefore = parse.OptionalTimestamp(m.Nbf)`
			`tkn.expiration = parse.OptionalTimestamp(m.Exp)`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00
fix(delegation): finish (haha) validation for tokens coming off the wire and for newly constructed tokens 2024-09-18 15:53:29 -04:00			`if err := tkn.validate(); err != nil {`
			`return nil, err`
			`}`

			`return &tkn, nil`
delegation: first import with rough IPLD round-trip 2024-08-30 22:06:59 +02:00			`}`
validate token timestamps integer limits 2024-12-02 11:37:03 +01:00
			`func validateTimestamp(ts int64, field string) error {`
			`if ts > limits.MaxInt53 \|\| ts < limits.MinInt53 {`
			`return fmt.Errorf("token %s timestamp %d exceeds safe integer bounds", field, ts)`
			`}`

			`return nil`
			`}`