pub enum IdentityError {
}Expand description
Everything the CIAM engine can reject a request for.
Kept deliberately coarse: the exact reason for an auth failure must never
leak to the caller (account enumeration), so several variants intentionally
collapse to the same 401 at the boundary.
Variants§
InvalidCredentials
Bad email/password, unknown user, unverified account used where verification is required — anything that must present as a generic 401.
AccountLocked
Account exists but is locked (too many failed attempts) or suspended.
MfaRequired
A second factor is required and was not satisfied. Carries an opaque challenge id the client echoes back with the factor response.
MfaFailed
The supplied MFA code / assertion was wrong.
AlreadyExists
Registration collided with an existing identity.
InvalidToken
A one-time token (verify link, reset, magic link, OTP) was missing, expired, already consumed, or forged.
Forbidden
The caller is authenticated but not allowed to perform the action.
NotFound
Requested identity / resource does not exist (safe to reveal).
Internal(String)
Backend store / hashing / signing failure — maps to 500.
A distributed dependency (lockout backend, store) was unavailable and policy is fail-closed.
PasswordRejected(String)
A chosen password failed the complexity policy or appeared in a breach corpus. Safe to reveal the reason (this is registration, not login).
ConsentRequired(Vec<String>)
The subject has not granted the consents required to issue tokens.
RateLimited
Too many attempts against an abuse-limited action (OTP send, signup).
Trait Implementations§
Source§impl Clone for IdentityError
impl Clone for IdentityError
Source§fn clone(&self) -> IdentityError
fn clone(&self) -> IdentityError
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for IdentityError
impl Debug for IdentityError
Source§impl Display for IdentityError
impl Display for IdentityError
Source§impl Error for IdentityError
impl Error for IdentityError
1.30.0 · Source§fn source(&self) -> Option<&(dyn Error + 'static)>
fn source(&self) -> Option<&(dyn Error + 'static)>
1.0.0 · Source§fn description(&self) -> &str
fn description(&self) -> &str
use the Display impl or to_string()
Source§impl From<IdentityError> for HttpException
impl From<IdentityError> for HttpException
Source§fn from(e: IdentityError) -> Self
fn from(e: IdentityError) -> Self
Auto Trait Implementations§
impl Freeze for IdentityError
impl RefUnwindSafe for IdentityError
impl Send for IdentityError
impl Sync for IdentityError
impl Unpin for IdentityError
impl UnsafeUnpin for IdentityError
impl UnwindSafe for IdentityError
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> FutureExt for T
impl<T> FutureExt for T
Source§fn with_context(self, otel_cx: Context) -> WithContext<Self>
fn with_context(self, otel_cx: Context) -> WithContext<Self>
Source§fn with_current_context(self) -> WithContext<Self>
fn with_current_context(self) -> WithContext<Self>
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
Source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T in a tonic::Request