This repository has been archived by the owner on Mar 18, 2019. It is now read-only.
// This Source Code Form is subject to the terms of the Mozilla Public
// License, version 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package oauth2
import (
"log"
"net/url"
"github.com/hooklift/oauth2/types"
)
// Implements OAuth2 errors in accordance with:
// http://tools.ietf.org/html/rfc6749#section-4.1.2.1
// http://tools.ietf.org/html/rfc6749#section-4.2.2.1
// http://tools.ietf.org/html/rfc6749#section-5.2
// Errors returned to resource owner in accordance with spec.
var (
	// ErrRedirectURLMismatch: the redirect_uri sent by the client differs from
	// the one registered for it.
	// NOTE(review): RFC 6749 section 4.1.2.1 forbids redirecting the user agent
	// to a missing, invalid or mismatching redirect_uri, so this value and
	// ErrRedirectURLInvalid are presumably rendered to the resource owner and
	// never passed to EncodeErrInURI together with the rejected URI. Confirm at
	// the call sites.
	ErrRedirectURLMismatch = types.AuthzError{
		Code:        "access_denied",
		Description: "3rd-party client app provided a redirect_uri that does not match the URI registered for this client in our database.",
	}

	// ErrRedirectURLInvalid: the redirect_uri is malformed or is not HTTPS.
	ErrRedirectURLInvalid = types.AuthzError{
		Code:        "access_denied",
		Description: "3rd-party client app provided an invalid redirect_uri. It does not comply with http://tools.ietf.org/html/rfc3986#section-4.3 or does not use HTTPS.",
	}

	// ErrClientIDMissing: the request carried no client ID.
	ErrClientIDMissing = types.AuthzError{
		Code:        "unauthorized_client",
		Description: "3rd-party client app didn't send us its client ID.",
	}

	// ErrClientIDNotFound: the client ID is not known to this server.
	ErrClientIDNotFound = types.AuthzError{
		Code:        "unauthorized_client",
		Description: "3rd-party client app requesting access to your resources was not found in our database.",
	}

	// ErrUnauthorizedClient: the request lacks an Authorization header with
	// client credentials.
	ErrUnauthorizedClient = types.AuthzError{
		Code:        "unauthorized_client",
		Description: "You must provide an authorization header with your client credentials.",
	}

	// ErrUnsupportedGrantType: the grant_type value is not supported.
	ErrUnsupportedGrantType = types.AuthzError{
		Code:        "unsupported_grant_type",
		Description: "grant_type provided is not supported by this authorization server.",
	}

	// ErrInvalidGrant: the grant or refresh token was rejected. The description
	// deliberately lists every possible reason without saying which one applied.
	ErrInvalidGrant = types.AuthzError{
		Code:        "invalid_grant",
		Description: "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
	}

	// ErrUnathorizedUser: resource owner credentials were rejected. The message
	// does not say whether the user name or the password was wrong.
	// The identifier is misspelled ("Unathorized"); it is exported, so the
	// spelling is kept for compatibility with existing callers.
	ErrUnathorizedUser = types.AuthzError{
		Code:        "access_denied",
		Description: "Resource owner credentials are invalid.",
	}

	// ErrInvalidScope: the requested scope is wider than what the resource
	// owner granted.
	ErrInvalidScope = types.AuthzError{
		Code:        "invalid_scope",
		Description: "Scope exceeds the scope granted by the resource owner.",
	}

	// ErrClientIDMismatch: the token was not issued to the authenticated client.
	ErrClientIDMismatch = types.AuthzError{
		Code:        "invalid_request",
		Description: "Authenticated client did not generate token used.",
	}

	// ErrUnsupportedTokenType: the token type is not supported.
	// NOTE(review): the code sent is "invalid_token"; if this is used on a
	// revocation endpoint, RFC 7009 defines "unsupported_token_type" for that
	// case. Confirm against the caller.
	ErrUnsupportedTokenType = types.AuthzError{
		Code:        "invalid_token",
		Description: "Unsupported token type.",
	}

	// ErrAccessTokenRequired: no access token accompanied the request.
	ErrAccessTokenRequired = types.AuthzError{
		Code:        "invalid_request",
		Description: "An access token is required to access this resource.",
	}

	// ErrInvalidToken: the access token has expired or was revoked.
	ErrInvalidToken = types.AuthzError{
		Code:        "invalid_token",
		Description: "Access token expired or was revoked.",
	}

	// ErrInsufficientScope: the access token does not carry enough privileges
	// for the request.
	ErrInsufficientScope = types.AuthzError{
		Code:        "insufficient_scope",
		Description: "The request requires higher privileges than provided by the access token.",
	}
)
// EncodeErrInURI adds the fields of err to the query string of u, as described
// in http://tools.ietf.org/html/rfc6749#section-4.1.2.1.
//
// "error" is always set to err.Code. "error_description", "state" and
// "error_uri" are set only when the matching field is non-empty. Parameters
// already present in u are kept unless they share one of these names, and
// every value is percent-encoded by url.Values.Encode, so a client-supplied
// state cannot add parameters of its own. u is modified in place and must not
// be nil.
//
// NOTE(review): nothing here checks where u points. The caller is expected to
// pass only a redirect URI that was already validated against the client's
// registration; confirm at the call sites.
func EncodeErrInURI(u *url.URL, err types.AuthzError) {
	params := u.Query()
	params.Set("error", err.Code)

	// Optional members are skipped when empty rather than sent as blank values.
	optional := [...]struct{ key, value string }{
		{"error_description", err.Description},
		{"state", err.State},
		{"error_uri", err.URI},
	}
	for _, p := range optional {
		if p.value == "" {
			continue
		}
		params.Set(p.key, p.value)
	}

	u.RawQuery = params.Encode()
}
// Errors returned to 3rd-party client apps in accordance with the spec.

// ErrUnsupportedResponseType returns the "unsupported_response_type" error,
// carrying state so the client can correlate it with its request.
//
// state comes from the client's request and is copied through unchanged; any
// consumer that renders it somewhere other than a URL-encoded query string
// has to escape it for that context.
func ErrUnsupportedResponseType(state string) types.AuthzError {
	authzErr := types.AuthzError{
		Code:        "unsupported_response_type",
		Description: "Authorization server does not support obtaining an authorization code using this authorization flow.",
	}
	authzErr.State = state
	return authzErr
}
// ErrStateRequired returns the "invalid_request" error used when the request
// has no state parameter. The state argument is copied into the result as
// given.
func ErrStateRequired(state string) types.AuthzError {
	authzErr := types.AuthzError{
		Code:        "invalid_request",
		Description: "state parameter is required by this authorization server.",
	}
	authzErr.State = state
	return authzErr
}
// ErrScopeRequired returns the "invalid_request" error used when the request
// has no scope parameter. state is the client-supplied value and is copied
// into the result unchanged.
func ErrScopeRequired(state string) types.AuthzError {
	authzErr := types.AuthzError{
		Code:        "invalid_request",
		Description: "scope parameter is required by this authorization server.",
	}
	authzErr.State = state
	return authzErr
}
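// ErrServerError logs err and returns the generic "server_error" response.
//
// The underlying cause is written to the server log only. The returned error
// carries a fixed description, so internal details are not disclosed to the
// client or the resource owner. state is the client-supplied value and is
// copied into the result unchanged.
func ErrServerError(state string, err error) types.AuthzError {
	log.Printf("[ERROR] Internal server error: %v", err)
	return types.AuthzError{
		Code: "server_error",
		// Kept on one line: the previous raw string literal embedded a line
		// break, and RFC 6749 section 4.1.2.1 limits error_description to
		// printable ASCII (%x20-21 / %x23-5B / %x5D-7E).
		Description: "The authorization server encountered an unexpected condition that prevented it from fulfilling the request.",
		State:       state,
	}
}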