Heavily customized version of smokesignal - https://whtwnd.com/kayrozen.com/3lpwe4ymowg2t
use thiserror::Error;

/// Failures raised while checking an OAuth resource server's configuration
/// against what the AT Protocol requires.
///
/// Every message is a fixed string that starts with an `error-oauth-resource-N`
/// code and interpolates no runtime value, so the rendered text never carries
/// data supplied by the remote server. The value that failed the check is not
/// part of the error either; log it separately (and treat it as untrusted) if
/// it is needed for diagnosis.
// NOTE(review): the leading codes look like stable identifiers, presumably used
// for lookup or localisation elsewhere; confirm before rewording a message.
#[derive(Error, Debug)]
pub enum ResourceValidationError {
    /// The resource server URI differs from the Personal Data Server (PDS) URI.
    ///
    /// AT Protocol OAuth integration expects the resource named in the OAuth
    /// configuration to be the PDS itself; a mismatch means the configuration
    /// describes some other resource and must not be trusted for this PDS.
    #[error("error-oauth-resource-1 Resource must match PDS")]
    ResourceMustMatchPds,

    /// The list of authorization servers is empty.
    ///
    /// An AT Protocol OAuth flow cannot start unless the resource configuration
    /// names at least one authorization server.
    #[error("error-oauth-resource-2 Authorization servers must not be empty")]
    AuthorizationServersMustNotBeEmpty,
}

/// Failures raised while checking an OAuth authorization server's
/// configuration against the requirements specified by the AT Protocol.
///
/// Each variant corresponds to one required capability that the server did not
/// advertise. As with [`ResourceValidationError`], the messages are fixed
/// strings prefixed with an `error-oauth-auth-server-N` code and contain no
/// server-supplied data. Any variant means the server does not meet the
/// profile; callers should stop the flow rather than fall back to a weaker
/// option.
#[derive(Error, Debug)]
pub enum AuthServerValidationError {
    /// The issuer in the authorization server metadata differs from the PDS.
    ///
    /// The issuer URI must equal the expected Personal Data Server (PDS) URI;
    /// metadata that names a different issuer does not describe the server it
    /// was expected to describe.
    #[error("error-oauth-auth-server-1 Issuer must match PDS")]
    IssuerMustMatchPds,

    /// The `code` response type is not supported.
    ///
    /// The authorization code grant flow used by AT Protocol needs the server
    /// to support the `code` response type.
    #[error("error-oauth-auth-server-2 Response types supported must include 'code'")]
    ResponseTypesSupportMustIncludeCode,

    /// The `authorization_code` grant type is not supported.
    ///
    /// The AT Protocol OAuth flow requires this grant type.
    #[error(
        "error-oauth-auth-server-3 Grant types supported must include 'authorization_code'"
    )]
    GrantTypesSupportMustIncludeAuthorizationCode,

    /// The `refresh_token` grant type is not supported.
    ///
    /// AT Protocol relies on refresh tokens to maintain long-term access.
    #[error("error-oauth-auth-server-4 Grant types supported must include 'refresh_token'")]
    GrantTypesSupportMustIncludeRefreshToken,

    /// The `S256` code challenge method is not supported.
    ///
    /// PKCE with the `S256` method is required for a secure authorization code
    /// flow; a server that does not offer it is rejected.
    #[error("error-oauth-auth-server-5 Code challenge methods supported must include 'S256'")]
    CodeChallengeMethodsSupportedMustIncludeS256,

    /// The `none` token endpoint authentication method is not supported.
    ///
    /// `none` is the method used by public clients, which hold no client
    /// credential.
    #[error(
        "error-oauth-auth-server-6 Token endpoint auth methods supported must include 'none'"
    )]
    TokenEndpointAuthMethodsSupportedMustIncludeNone,

    /// The `private_key_jwt` token endpoint authentication method is not
    /// supported.
    ///
    /// AT Protocol clients require the server to accept `private_key_jwt`
    /// client authentication.
    #[error(
        "error-oauth-auth-server-7 Token endpoint auth methods supported must include 'private_key_jwt'"
    )]
    TokenEndpointAuthMethodsSupportedMustIncludePrivateKeyJwt,

    /// The `ES256` signing algorithm is not supported for token endpoint
    /// authentication.
    ///
    /// AT Protocol requires `ES256` among the algorithms accepted for signed
    /// client authentication at the token endpoint.
    #[error(
        "error-oauth-auth-server-8 Token endpoint auth signing algorithm values must include 'ES256'"
    )]
    TokenEndpointAuthSigningAlgValuesMustIncludeES256,

    /// The `atproto` scope is not supported.
    ///
    /// Access to AT Protocol resources requires the `atproto` scope.
    #[error("error-oauth-auth-server-9 Scopes supported must include 'atproto'")]
    ScopesSupportedMustIncludeAtProto,

    /// The `transition:generic` scope is not supported.
    ///
    /// This scope is required for transitional functionality in AT Protocol.
    #[error("error-oauth-auth-server-10 Scopes supported must include 'transition:generic'")]
    ScopesSupportedMustIncludeTransitionGeneric,

    /// The `ES256` signing algorithm is not supported for DPoP.
    ///
    /// AT Protocol security requires the server to accept DPoP proofs signed
    /// with `ES256`.
    #[error(
        "error-oauth-auth-server-11 DPoP signing algorithm values supported must include 'ES256'"
    )]
    DpopSigningAlgValuesSupportedMustIncludeES256,

    /// One or more required server features are not supported.
    ///
    /// Covers pushed authorization requests, client ID metadata, and
    /// authorization response parameters. The three share this single variant,
    /// so the error alone does not identify which feature was missing.
    #[error(
        "error-oauth-auth-server-12 Authorization response parameters, pushed requests, client ID metadata must be supported"
    )]
    RequiredServerFeaturesMustBeSupported,
}