klieo-auth-common 2.2.0

Shared authentication traits and types for klieo HTTP transports
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

//! Failure cases for authentication.

use thiserror::Error;

/// Failure cases for authentication.
///
/// `Missing` and `Malformed` describe transport-level rejections (no
/// header / wrong scheme); `Rejected` carries an authenticator-supplied
/// diagnostic string that MUST stay server-side — handlers map this to
/// a JSON-RPC `-32001 Unauthenticated` envelope on the wire without
/// echoing the inner message.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum AuthError {
    /// The `Authorization` header was not present on the request.
    #[error("missing Authorization header")]
    Missing,
    /// The header is present but does not match the expected format
    /// (e.g. wrong scheme prefix).
    #[error("malformed Authorization header")]
    Malformed,
    /// The verifier rejected the credential (bad signature, expired
    /// token, revoked, etc.). The string is included for log diagnostics
    /// and never returned to the caller.
    #[error("verification failed: {0}")]
    Rejected(String),
}