Error types and safe message mapping for Sigra authentication.
Sigra uses structured error types for precise internal error handling,
combined with a safe_message/1 function that maps internal errors to
enumeration-safe user-facing strings.
Error Types
* Sigra.Error.InvalidCredentials -- wrong email or password
* Sigra.Error.TokenExpired -- token past its TTL
* Sigra.Error.TokenInvalid -- token is malformed or tampered
* Sigra.Error.RateLimited -- too many requests
* Sigra.Error.AccountLocked -- account temporarily locked
* Sigra.Error.OAuthError -- OAuth operation failed (provider, error_code)
Enumeration Prevention
The safe_message/1 function ensures that user-facing messages never
leak information about which part of authentication failed. For example,
:invalid_credentials always returns "Invalid email or password." --
never "wrong password" or "user not found".
Functions
Maps an internal error atom to an enumeration-safe user-facing message.
These messages are intentionally generic to prevent user enumeration attacks. Internal code uses precise error atoms; the safe message is for display to end users.
Examples
iex> Sigra.Error.safe_message(:invalid_credentials)
"Invalid email or password."
iex> Sigra.Error.safe_message(:token_expired)
"This link has expired. Please request a new one."
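The collapse described under Enumeration Prevention, as an added example that is not Sigra's own code: two distinct internal failure reasons are logged precisely but produce an identical user-facing response. The module `EnumerationSafeLogin`, the atoms `:wrong_password` and `:user_not_found`, the user store and the local `safe_message/1` stand-in are all assumptions made for illustration; only the two message strings come from this page.

```elixir
# Added example; every name here is hypothetical and none of it is Sigra code.
defmodule EnumerationSafeLogin do
  require Logger

  # Constructed sample store (email => password). Plaintext only to keep the
  # demo short; a real store holds password hashes.
  @users %{"alice@example.com" => "correct horse"}

  # Internal, precise result: the two failure causes stay distinguishable.
  def authenticate(email, password) do
    case Map.fetch(@users, email) do
      {:ok, ^password} -> :ok
      {:ok, _other} -> {:error, :wrong_password}
      :error -> {:error, :user_not_found}
    end
  end

  # Boundary: the precise reason goes to the log, the caller only ever sees
  # the message for the collapsed :invalid_credentials atom.
  def login_response(email, password) do
    case authenticate(email, password) do
      :ok ->
        {200, "Signed in."}

      {:error, reason} when reason in [:wrong_password, :user_not_found] ->
        Logger.info("login failed reason=#{reason}")
        {401, safe_message(:invalid_credentials)}
    end
  end

  # Stand-in for Sigra.Error.safe_message/1, using the strings documented above.
  defp safe_message(:invalid_credentials), do: "Invalid email or password."
  defp safe_message(:token_expired), do: "This link has expired. Please request a new one."
end

# Regression check: an unknown account and a wrong password must be
# indistinguishable in both status code and body.
unknown = EnumerationSafeLogin.login_response("nobody@example.com", "x")
wrong = EnumerationSafeLogin.login_response("alice@example.com", "x")
true = unknown == wrong
```

The final match raises a `MatchError` if the two responses ever diverge, which makes it usable as a regression check when new error reasons are added.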