identity/com.midnight.kuira.core.identity.auth/AuthorizationRecord

AuthorizationRecord

class AuthorizationRecord(val id: String, val did: String, val credentialId: String, val payload: ByteArray, val authenticatorData: ByteArray, val clientDataJson: ByteArray, val signature: ByteArray, val accessKeyPath: String, val label: String, val revoked: Boolean = false, val createdAtMs: Long, val revokedAtMs: Long? = null)

A stored authorization record linking a root identity to an access key.

This is the persistent form of a keyAuthorization — saved after the passkey signs the delegation payload during the CredentialManager ceremony.

The record is self-verifiable: anyone with the root public key can check the WebAuthn signature against the payload without trusting a server.

Constructors

Link copied to clipboard
constructor(id: String, did: String, credentialId: String, payload: ByteArray, authenticatorData: ByteArray, clientDataJson: ByteArray, signature: ByteArray, accessKeyPath: String, label: String, revoked: Boolean = false, createdAtMs: Long, revokedAtMs: Long? = null)

Properties

Link copied to clipboard
val accessKeyPath: String

HD derivation path of the access key (e.g., "m/44'/2400'/0'/5/0").

Link copied to clipboard
val authenticatorData: ByteArray

WebAuthn authenticator data from the assertion ceremony.

Link copied to clipboard
val clientDataJson: ByteArray

WebAuthn client data JSON from the assertion ceremony.

Link copied to clipboard
val createdAtMs: Long

When the record was created (epoch millis).

Link copied to clipboard
val credentialId: String

Credential ID from the passkey registration.

Link copied to clipboard
val did: String

The user's DID (did:key:z...) derived from the root passkey.

Link copied to clipboard
val id: String

Unique identifier for this record.

Link copied to clipboard
val label: String

Label for identifying this authorization (e.g., dApp name, "default").

Link copied to clipboard
val payload: ByteArray

The authorization payload (99 bytes, contains root+access keys, scope, timestamps).

Link copied to clipboard
val revoked: Boolean = false

Whether this authorization has been revoked.

Link copied to clipboard
val revokedAtMs: Long? = null

When the record was revoked (epoch millis), or null if active.

Link copied to clipboard
val signature: ByteArray

ECDSA P-256 signature from the passkey over the assertion data.

Functions

Link copied to clipboard
open operator override fun equals(other: Any?): Boolean
Link copied to clipboard
open override fun hashCode(): Int
Link copied to clipboard
fun parsePayload(): AuthorizationPayload

Parse the embedded authorization payload.

Link copied to clipboard
open override fun toString(): String