What happens on the server if the client sends invalid input?

[Arlen22]

I can't find anywhere in the documentation where it says what happens if the client fails to login (enters the wrong password or otherwise gives malformed input).

Especially here, where it is the most important, and also expected.

// server
const { sessionKey } = opaque.server.finishLogin({
  finishLoginRequest,
  serverLoginState,
});

[nikgraf]

For this particular case (finishLogin) it would fail with an error. Just tried it out to confirm:

 ⨯ Error: opaque protocol error at "finish server login"; Error in validating credentials
    at imports.wbg.__wbindgen_error_new (../../build/ristretto/esm/index.js:519:20)
    at Object.finishServerLogin [as finishLogin] (../../build/ristretto/esm/index.js:278:21)
    at POST (src/app/api/login/finish/route.ts:35:39)
  517 |     };
  518 |     imports.wbg.__wbindgen_error_new = function(arg0, arg1) {
> 519 |         const ret = new Error(getStringFromWasm0(arg0, arg1));
      |                    ^
  520 |         return ret;
  521 |     };
  522 |     imports.wbg.__wbindgen_in = function(arg0, arg1) {

In general for startLogin if the user exists, but a wrong password is provided a dummy response is returned that looks like a real one so the user can't brute-force it. But then when trying to run client.finishLogin it will fail. see https://docs.rs/opaque-ke/latest/opaque_ke/#dummy-server-login

Does this help?

P.S: To feel comfortable with the system, I recommend to copy one of the examples and play with them.