solid-pod-rs-idp 0.4.0-alpha.2

Solid-OIDC identity provider (authorization-code + DPoP-bound tokens, JWKS, credentials, dynamic client registration) — Rust port of JavaScriptSolidServer/src/idp
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

//! Crate-wide error type for the IdP.

use thiserror::Error;

use solid_pod_rs::PodError;

/// Errors surfaced by the provider surface.
#[derive(Debug, Error)]
pub enum ProviderError {
    /// OIDC spec error: something about the request was malformed.
    #[error("invalid request: {0}")]
    InvalidRequest(String),

    /// OIDC spec error: the caller is not allowed to perform this
    /// action.
    #[error("invalid grant: {0}")]
    InvalidGrant(String),

    /// OIDC spec error: unknown client.
    #[error("invalid client: {0}")]
    InvalidClient(String),

    /// Missing / malformed DPoP proof.
    #[error("invalid DPoP: {0}")]
    InvalidDpop(String),

    /// Client Identifier Document fetch / validation failed.
    #[error("client document: {0}")]
    ClientDocument(String),

    /// Password does not meet the minimum length requirement.
    /// JSS commit `1feead2` enforces >= 8 characters at registration.
    #[error("password must be at least {min_length} characters")]
    PasswordTooShort {
        /// The minimum length that was not met.
        min_length: usize,
    },

    /// Rate limit tripped.
    #[error("rate limited (retry after {retry_after_secs}s)")]
    RateLimited {
        /// Seconds the client should wait.
        retry_after_secs: u64,
    },

    /// User store failure (DB down, etc.).
    #[error("user store: {0}")]
    UserStore(String),

    /// Internal crypto / JWT error.
    #[error("crypto: {0}")]
    Crypto(String),

    /// Session lookup / expiry error.
    #[error("session: {0}")]
    Session(String),

    /// Propagation from core crate.
    #[error(transparent)]
    Core(#[from] PodError),

    /// I/O (file-backed stores, etc.).
    #[error(transparent)]
    Io(#[from] std::io::Error),

    /// Generic "something unexpected happened".
    #[error("internal: {0}")]
    Internal(String),
}

impl ProviderError {
    /// Stable short code for wire responses (`error` field of an
    /// OAuth2 error response, RFC 6749 §5.2).
    pub fn code(&self) -> &'static str {
        match self {
            Self::InvalidRequest(_) | Self::PasswordTooShort { .. } => "invalid_request",
            Self::InvalidGrant(_) => "invalid_grant",
            Self::InvalidClient(_) => "invalid_client",
            Self::InvalidDpop(_) => "invalid_dpop_proof",
            Self::ClientDocument(_) => "invalid_client",
            Self::RateLimited { .. } => "rate_limited",
            Self::UserStore(_) | Self::Session(_) | Self::Internal(_) | Self::Io(_) => {
                "server_error"
            }
            Self::Crypto(_) => "server_error",
            Self::Core(_) => "server_error",
        }
    }
}