Skip to content

Mandates

A mandate is the token Caracal issues after the STS approves an exchange. It is a short-lived JWT signed with the zone signing key and verified by the Gateway or resource connectors.

A valid mandate proves:

  • which zone issued it;
  • which application and principal are acting;
  • which session anchors are active;
  • which resource targets and scopes were approved;
  • whether authority came from an agent session or delegation edge;
  • when the authority expires.
flowchart LR
  Subject["Subject token or agent context"] --> Exchange["OAuth token exchange"]
  Exchange --> Policy["Policy evaluation"]
  Policy -->|"allow"| Mandate["Mandate JWT"]
  Mandate --> Verify["Gateway or connector verification"]
  Verify --> Resource["Protected resource"]
UseVerification focus
Gateway requestIssuer, audience, zone, resource, scopes, expiry, revocation.
MCP tool callBearer token, required scopes, required targets, agent/delegation constraints.
SDK outbound callContext propagation and mandate header injection.
Delegated exchangeAgent session, delegation edge, scopes, hop count, and constraints.

Mandates are intentionally short lived and context bound. They should not be stored as durable credentials, copied into configuration files, or reused across unrelated resources.

Resource servers should always verify a mandate at request time. Verification includes signature and claim checks plus revocation-anchor checks for the session, root session, agent session, and delegation edge when present.

FailureMeaning
invalid_tokenSignature, issuer, audience, required claim, or expiry validation failed.
scope_insufficientThe mandate does not contain a required scope.
session_revokedOne of the mandate revocation anchors has been revoked.
agent_identity_requiredThe resource requires an agent mandate.
delegation_requiredThe resource requires delegated authority.
chain_mismatchThe delegation chain does not include the required application.
hop_count_exceededThe delegation path exceeds the configured hop limit.

Read Agent Delegation to understand how agent sessions pass bounded authority.