rustack_auth/error.rs
1//! Error types for SigV4 authentication.
2//!
3//! All authentication failures are represented by [`AuthError`], which provides
4//! specific variants for each failure mode encountered during signature verification.
5
6/// Errors that can occur during AWS Signature Version 4 authentication.
7#[derive(Debug, thiserror::Error)]
8pub enum AuthError {
9 /// The `Authorization` header is missing from the request.
10 #[error("Missing Authorization header")]
11 MissingAuthHeader,
12
13 /// The `Authorization` header could not be parsed.
14 #[error("Invalid Authorization header format")]
15 InvalidAuthHeader,
16
17 /// The signing algorithm is not supported (only AWS4-HMAC-SHA256 is supported).
18 #[error("Unsupported algorithm: {0}")]
19 UnsupportedAlgorithm(String),
20
21 /// A required HTTP header referenced in `SignedHeaders` is missing.
22 #[error("Missing required header: {0}")]
23 MissingHeader(String),
24
25 /// The `Credential` component does not match the expected format
26 /// (`AKID/date/region/service/aws4_request`).
27 #[error("Invalid credential format")]
28 InvalidCredential,
29
30 /// The access key ID was not found in the credential store.
31 #[error("Access key not found: {0}")]
32 AccessKeyNotFound(String),
33
34 /// The computed signature does not match the provided signature.
35 #[error("Signature does not match")]
36 SignatureDoesNotMatch,
37
38 /// The presigned URL has expired (current time exceeds `X-Amz-Date` + `X-Amz-Expires`).
39 #[error("Request has expired")]
40 RequestExpired,
41
42 /// A required query parameter for presigned URL authentication is missing.
43 #[error("Missing required query parameter: {0}")]
44 MissingQueryParam(String),
45}