rustack-auth 0.9.0

AWS Signature Version 2 and 4 request authentication for Rustack
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

//! Error types for SigV4 authentication.
//!
//! All authentication failures are represented by [`AuthError`], which provides
//! specific variants for each failure mode encountered during signature verification.

/// Errors that can occur during AWS Signature Version 4 authentication.
#[derive(Debug, thiserror::Error)]
pub enum AuthError {
    /// The `Authorization` header is missing from the request.
    #[error("Missing Authorization header")]
    MissingAuthHeader,

    /// The `Authorization` header could not be parsed.
    #[error("Invalid Authorization header format")]
    InvalidAuthHeader,

    /// The signing algorithm is not supported (only AWS4-HMAC-SHA256 is supported).
    #[error("Unsupported algorithm: {0}")]
    UnsupportedAlgorithm(String),

    /// A required HTTP header referenced in `SignedHeaders` is missing.
    #[error("Missing required header: {0}")]
    MissingHeader(String),

    /// The `Credential` component does not match the expected format
    /// (`AKID/date/region/service/aws4_request`).
    #[error("Invalid credential format")]
    InvalidCredential,

    /// The access key ID was not found in the credential store.
    #[error("Access key not found: {0}")]
    AccessKeyNotFound(String),

    /// The computed signature does not match the provided signature.
    #[error("Signature does not match")]
    SignatureDoesNotMatch,

    /// The presigned URL has expired (current time exceeds `X-Amz-Date` + `X-Amz-Expires`).
    #[error("Request has expired")]
    RequestExpired,

    /// A required query parameter for presigned URL authentication is missing.
    #[error("Missing required query parameter: {0}")]
    MissingQueryParam(String),
}