Function scram_verify_server 

pub fn scram_verify_server(state: AuthState, server_final: &[u8]) -> Result<()>

Verifies the server-final message.

This function consumes the AuthState, ensuring all sensitive cryptographic material is zeroized after verification completes.

Errors

Returns Error (auth) when:

• server_final is not valid UTF-8.
• The payload is missing the v= server-signature prefix.
• The server signature cannot be base64-decoded.
• The SCRAM state is incomplete (missing AuthState::server_key or AuthState::auth_message), indicating the caller did not run scram_client_final first.
• The computed server signature does not match the one provided by the server (indicates the server does not know the user’s password).