1#[derive(Debug, thiserror::Error)]
2pub enum AuthError {
3 #[error("Invalid credentials")]
4 InvalidCredentials,
5
6 #[error("Token expired")]
7 TokenExpired,
8
9 #[error("Invalid token: {reason}")]
10 InvalidToken { reason: String },
11
12 #[error("Provider error: {provider} - {message}")]
13 ProviderError { provider: String, message: String },
14
15 #[error("Invalid OAuth state")]
16 InvalidState,
17
18 #[error("User denied authorization")]
19 UserDenied,
20
21 #[error("Session not found")]
22 SessionNotFound,
23
24 #[error("Session expired")]
25 SessionExpired,
26
27 #[error("Insufficient permissions: requires {required}")]
28 InsufficientPermissions { required: String },
29
30 #[error("Refresh token invalid or expired")]
31 RefreshTokenInvalid,
32
33 #[error("Account locked: {reason}")]
34 AccountLocked { reason: String },
35}
36
37impl AuthError {
38 pub const fn error_code(&self) -> &'static str {
39 match self {
40 Self::InvalidCredentials => "invalid_credentials",
41 Self::TokenExpired => "token_expired",
42 Self::InvalidToken { .. } => "invalid_token",
43 Self::ProviderError { .. } => "auth_provider_error",
44 Self::InvalidState => "invalid_oauth_state",
45 Self::UserDenied => "user_denied",
46 Self::SessionNotFound => "session_not_found",
47 Self::SessionExpired => "session_expired",
48 Self::InsufficientPermissions { .. } => "insufficient_permissions",
49 Self::RefreshTokenInvalid => "refresh_token_invalid",
50 Self::AccountLocked { .. } => "account_locked",
51 }
52 }
53}