src/api/SIGCM2.Domain/Exceptions/InvalidRefreshTokenException.cs

@@ -0,0 +1,24 @@
+namespace SIGCM2.Domain.Exceptions;
+
+/// <summary>
+/// Thrown when a refresh token is invalid (not found, expired, malformed, or user mismatch).
+/// Maps to HTTP 401 with a generic error message — never reveal the specific reason to the client.
+/// </summary>
+public sealed class InvalidRefreshTokenException : Exception
+{
+    public InvalidRefreshTokenException(string message = "Invalid refresh token")
+        : base(message) { }
+}
+
+/// <summary>
+/// Thrown when a previously-rotated (revoked) refresh token is presented again.
+/// Triggers chain revocation of the entire token family.
+/// Maps to HTTP 401 with the SAME generic message as InvalidRefreshTokenException
+/// to avoid leaking information to attackers.
+/// The backend logs distinguish between the two cases.
+/// </summary>
+public sealed class TokenReuseDetectedException : Exception
+{
+    public TokenReuseDetectedException()
+        : base("Token reuse detected") { }
+}