Skip to main content

UcanVerifyError

atd_runtime::ucan::error

Enum UcanVerifyError

pub enum UcanVerifyError {
    Parse(UcanParseError),
    BadSignature {
        cid: String,
    },
    MalformedSignature {
        cid: String,
        reason: String,
    },
    MalformedDidKey {
        field: &'static str,
        reason: String,
    },
    Expired {
        cid: String,
        exp: i64,
        now: i64,
    },
    WideningAttenuation {
        cid: String,
        parent: Vec<String>,
        child: Vec<String>,
    },
    ChainBroken {
        parent_cid: String,
        parent_aud: String,
        child_cid: String,
        child_iss: String,
    },
    AudienceMismatch {
        leaf_aud: String,
        expected: String,
    },
    ChainTooDeep {
        depth: u8,
        max: u8,
    },
    Revoked {
        cid: String,
    },
    MultiParentNotSupported {
        cid: String,
        n_parents: usize,
    },
}

Expand description

Errors returned by crate::ucan::verify_jwt / verify_tokens.

Parse-stage failures bubble up as Parse(_) → wire code ERR_UCAN_INVALID = 1010. Other verify-stage failures map to:

Variant	Wire code
`Parse`, `BadSignature`, `WideningAttenuation`, `MultiParentNotSupported`, `MalformedDidKey`, `MalformedSignature`, `ChainBroken`	1010 ERR_UCAN_INVALID
`Expired`	1011 ERR_UCAN_EXPIRED
`ChainTooDeep`	1012 ERR_DELEGATION_TOO_DEEP
`AudienceMismatch`	1013 ERR_AUDIENCE_MISMATCH
`Revoked`	1010 ERR_UCAN_INVALID (with revoked-cid hint)

All retryable: false (deterministic).

Variants§

Parse(UcanParseError)

Underlying parse failure (any UcanParseError variant).

BadSignature

Ed25519 signature verification failed for the named token CID.

Fields

§cid: String

MalformedSignature

Signature segment failed to base64url-decode or had wrong length.

Fields

§cid: String

§reason: String

MalformedDidKey

did:key:z... failed to decode (bad multibase, wrong multicodec prefix, or wrong key length).

Fields

§field: &'static str

§reason: String

Expired

A link’s exp <= now(). Distinct from Parse because the token was well-formed — it just lapsed.

Fields

§cid: String

§exp: i64

§now: i64

WideningAttenuation

Child claims caps the parent did not grant.

Fields

§cid: String

§parent: Vec<String>

§child: Vec<String>

ChainBroken

Link N’s iss doesn’t match link N-1’s aud. The chain is broken.

Fields

§parent_cid: String

§parent_aud: String

§child_cid: String

§child_iss: String

AudienceMismatch

The leaf’s aud doesn’t match the configured expected audience.

Fields

§leaf_aud: String

§expected: String

ChainTooDeep

The chain exceeds the configured max_chain_depth.

Fields

§depth: u8

§max: u8

Revoked

A link’s CID was in the revocation store.

Fields

§cid: String

MultiParentNotSupported

prf field has more than one parent. UCAN v1.0 spec allows multi-parent; SP-capability-v2 v1 supports single-chain only.

Fields

§cid: String

§n_parents: usize

Trait Implementations§

impl Debug for UcanVerifyError

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Display for UcanVerifyError

fn fmt(&self, __formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Error for UcanVerifyError

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any. Read more

1.0.0 · Source§

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

1.0.0 · Source§

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)

Provides type-based access to context intended for error reports. Read more

impl From<UcanParseError> for UcanVerifyError

fn from(source: UcanParseError) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

impl Freeze for UcanVerifyError

impl RefUnwindSafe for UcanVerifyError

impl Send for UcanVerifyError

impl Sync for UcanVerifyError

impl Unpin for UcanVerifyError

impl UnsafeUnpin for UcanVerifyError

impl UnwindSafe for UcanVerifyError

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToString for T
where T: Display + ?Sized,

fn to_string(&self) -> String

Converts the given value to a String. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V