
allowthem_core/
error.rs

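/// Structured errors for RS256 access token validation.
///
/// Allows the server layer to map to specific OAuth2 error responses
/// without inspecting error message strings.
///
/// The `String` payloads are interpolated into the `Display` output. Where
/// they are derived from the presented token, they are untrusted input:
/// escape or bound them before logging, and prefer mapping on the variant
/// over echoing `to_string()` back to the client.
#[derive(Debug, thiserror::Error)]
pub enum AccessTokenError {
    /// Displays as "token expired".
    #[error("token expired")]
    Expired,
    /// Displays as "invalid signature"; carries no detail about why
    /// verification failed.
    #[error("invalid signature")]
    InvalidSignature,
    /// Carries the key identifier that could not be resolved.
    // NOTE(review): presumably this is the `kid` read from the token header
    // before the signature is verified, i.e. attacker-chosen text -- confirm
    // at the construction site and sanitise before it reaches logs.
    #[error("unknown signing key: {0}")]
    UnknownKid(String),
    /// Carries a description of the claim check that failed.
    #[error("invalid claims: {0}")]
    InvalidClaims(String),
    /// Carries a description of the parse failure.
    #[error("malformed token: {0}")]
    MalformedToken(String),
}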
18
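/// Error type covering database, credential, OAuth, MFA, signing-key and
/// configuration failures.
///
/// Several variants embed internal detail in their `Display` output: the
/// underlying `sqlx::Error` text for [`AuthError::Database`], and free-form
/// strings for `InvalidPasswordHash`, `MfaEncryption`, `SigningKey`, `Jwt`
/// and the OAuth variants. Callers that build HTTP responses should match on
/// the variant and return a generic message, keeping the detailed text for
/// server-side logs only.
// NOTE(review): if a login path can return `NotFound` for an unknown account
// and `InvalidCredentials` for a wrong password, map both to the same client
// response to avoid account enumeration -- where each variant is returned is
// not visible in this file.
#[derive(Debug, thiserror::Error)]
pub enum AuthError {
    /// Wraps a `sqlx::Error`; `#[from]` makes `?` convert it automatically.
    /// The driver's message is part of the `Display` text and may expose
    /// query or schema detail.
    #[error("database error: {0}")]
    Database(#[from] sqlx::Error),

    /// Displays as "invalid email format".
    #[error("invalid email format")]
    InvalidEmail,

    /// Displays as "not found".
    #[error("not found")]
    NotFound,

    /// Displays as "invalid credentials"; carries no detail about which
    /// credential was wrong.
    #[error("invalid credentials")]
    InvalidCredentials,

    /// Carries a description of the conflicting resource.
    #[error("conflict: {0}")]
    Conflict(String),

    /// Carries a description of the password-hash failure; keep this text
    /// out of client-facing responses.
    #[error("invalid password hash: {0}")]
    InvalidPasswordHash(String),

    /// Carries a description of an email-related failure.
    #[error("email error: {0}")]
    Email(String),

    /// Carries a description of a JWT-related failure.
    #[error("jwt error: {0}")]
    Jwt(String),

    /// Displays as "OAuth state invalid or expired".
    #[error("OAuth state invalid or expired")]
    OAuthStateMismatch,

    /// Carries a description of the token-exchange failure.
    // NOTE(review): if this string includes the provider's response body,
    // check that it cannot contain tokens or client secrets before logging.
    #[error("OAuth token exchange failed: {0}")]
    OAuthTokenExchange(String),

    /// Carries a description of the user-info fetch failure.
    #[error("OAuth user info fetch failed: {0}")]
    OAuthUserInfoFetch(String),

    /// Carries a description of an HTTP-level OAuth failure.
    #[error("OAuth HTTP error: {0}")]
    OAuthHttp(String),

    /// Configuration error: the message directs the integrator to pass
    /// `mfa_key` to `AllowThemBuilder`.
    #[error("MFA not configured -- provide mfa_key to AllowThemBuilder")]
    MfaNotConfigured,

    /// Displays as "MFA already enabled for this user".
    #[error("MFA already enabled for this user")]
    MfaAlreadyEnabled,

    /// Displays as "MFA not enabled for this user".
    #[error("MFA not enabled for this user")]
    MfaNotEnabled,

    /// Displays as "invalid TOTP code".
    #[error("invalid TOTP code")]
    InvalidTotpCode,

    /// Carries a description of the MFA encryption failure; keep this text
    /// out of client-facing responses.
    #[error("MFA encryption error: {0}")]
    MfaEncryption(String),

    /// Displays as "resource already consumed".
    #[error("resource already consumed")]
    Gone,

    /// Carries the reason access was refused.
    #[error("forbidden: {0}")]
    Forbidden(String),

    /// Carries a description of the signing-key failure; keep this text
    /// out of client-facing responses.
    #[error("signing key error: {0}")]
    SigningKey(String),

    /// Configuration error: the message directs the integrator to pass
    /// `signing_key` to `AllowThemBuilder`.
    #[error("signing key not configured -- provide signing_key to AllowThemBuilder")]
    SigningKeyNotConfigured,

    /// Carries a description of why the redirect URI was rejected.
    // NOTE(review): if the payload echoes the submitted URI, it is
    // request-controlled text -- escape it wherever it is rendered.
    #[error("invalid redirect URI: {0}")]
    InvalidRedirectUri(String),

    /// Carries a description of the validation failure.
    #[error("validation error: {0}")]
    Validation(String),

    /// Carries a description of what was wrong with the authorization
    /// request.
    #[error("invalid authorization request: {0}")]
    InvalidAuthorizationRequest(String),

    /// Configuration error: the message directs the integrator to pass
    /// `base_url` to `AllowThemBuilder`.
    #[error("base URL not configured -- provide base_url to AllowThemBuilder")]
    BaseUrlNotConfigured,

    /// Configuration error: the message directs the integrator to pass
    /// `csrf_key` to `AllowThemBuilder`.
    #[error("CSRF key not configured -- provide csrf_key to AllowThemBuilder")]
    CsrfKeyNotConfigured,

    /// Wraps an [`AccessTokenError`]; `#[from]` makes `?` convert it
    /// automatically.
    #[error("access token error: {0}")]
    AccessToken(#[from] AccessTokenError),
}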