Skip to content

feat: more expressive errors #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
raphaelrobert merged 4 commits into from
Dec 4, 2025
Merged

feat: more expressive errors #44

raphaelrobert merged 4 commits into from
Dec 4, 2025

Conversation

@raphaelrobert
Copy link
Owner

@raphaelrobert raphaelrobert commented Nov 2, 2025
edited
Loading

No description provided.

@raphaelrobert raphaelrobert mentioned this pull request Nov 2, 2025
Open
jcjones
jcjones approved these changes Nov 3, 2025
View reviewed changes
Copy link

@jcjones jcjones left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, thank you! I also appreciate the refactoring around deserializing the responses, that is much clearer too.

src/common/errors.rs Outdated
},
}

impl PartialEq for CreateKeypairError {
Copy link

@jcjones jcjones Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since all these PartialEq only compare variants and not the underlying source fields, it feels like that should be documented for types, and perhaps Eq not be implemented.

src/common/errors.rs

/// Serialization error
#[derive(Error, Debug)]
pub enum SerializationError {
Copy link

@jcjones jcjones Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you want to impl PartialEq here for SerializationError?

@raphaelrobert raphaelrobert enabled auto-merge (squash) November 30, 2025 22:56
@raphaelrobert
Copy link
Owner Author

raphaelrobert commented Nov 30, 2025

@jcjones It turns out that the changes from #45 make #42 somewhat more complicated. Since we can now have several public keys for which we verify a signature, we expect signature verification to fail for all but one key. Therefore it's not entirely clear what we should return.
Looking at the underlying verify() function in the blind-rsa-signatures crate, only Error::UnsupportedParameters is returned when the length of the signature and the public key modulus are not equal, all other errors are mapped to Error::VerificationFailed.

Some options:

  1. When all verification attempts fail with all keys, we return all errors.
  2. When all verification attempts fail with all keys, we only return errors that are not Error::VerificationFailed.
  3. We don't change anything, given that the application can trivially check for the Error::UnsupportedParameters case itself.
  4. Any other ideas?

@jcjones
Copy link

jcjones commented Dec 1, 2025

Thorny.

I agree with not changing the redeem_token function, but I would still argue that it's not obvious to check that the Token's authenticator's length needs to be equal to at least one of the public keys. In my case, at the time new to the specification/ecosystem, I decoded the tokens incorrectly. I could tell the pubkeys were correct, but until I dug out the underlying UnsupportedParameters I didn't realize the relationship and where my error was.

Perhaps this is a thing for debug logging instead? Or expanding the doc comment on redeem_token?

@raphaelrobert
Copy link
Owner Author

raphaelrobert commented Dec 1, 2025

I think both options you propose are valid. In the case of debug logging, it would probably be good to have more logging than just for that case. Do you want to file a PR for the solution you prefer?

@jcjones
Copy link

jcjones commented Dec 1, 2025

I'll put together a PR. Thanks!

@jcjones
Copy link

jcjones commented Dec 1, 2025

I've opened #48 to replace this PR.

@raphaelrobert raphaelrobert merged commit 2696bf2 into main Dec 4, 2025
1 check passed
@raphaelrobert raphaelrobert deleted the feat/more-expressive-errors branch December 4, 2025 08:25
@raphaelrobert raphaelrobert mentioned this pull request Dec 4, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jcjones jcjones jcjones approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@raphaelrobert @jcjones