auth
auth/errors.go
Implement CSRF prevention and pass info to confirmation. Implement CSRF prevention using the nosurf package. Note that the handler still needs to be wrapped before this will work. Pass info on the authorization being requested (namely the client and the scope) to the RenderConfirmation page so that the user can make an educated decision.
1 package auth
3 import "errors"
5 const (
6 ErrorServerError = "server_error"
7 ErrorInvalidRequest = "invalid_request"
8 ErrorAccessDenied = "access_denied"
9 ErrorInvalidClient = "invalid_client"
10 ErrorInvalidGrant = "invalid_grant"
11 ErrorUnauthorizedClient = "unauthorized_client"
12 ErrorUnsupportedGrantType = "unsupported_grant_type"
13 ErrorInvalidScope = "invalid_scope"
14 )
16 var (
17 ClientNotFoundError = errors.New("Client not found.")
18 URIMissingError = errors.New("Redirect URI missing.")
19 InvalidMethodError = errors.New("Invalid request method.")
20 InternalServerError = errors.New("Internal server error.")
21 ErrorNotAuthenticated = errors.New("Not authenticated.")
22 InvalidClientError = errors.New("Invalid client.")
23 AuthorizationNotFoundError = errors.New("Authorization not found.")
24 ProfileNotFoundError = errors.New("Profile not found.")
25 TokenNotFoundError = errors.New("Token not found.")
26 NilClientError = errors.New("Client was nil.")
27 )
29 type URIFormatError string
31 func (err URIFormatError) Error() string {
32 return "Invalid URI format: " + string(err)
33 }
35 type InvalidClientIDError string
37 func (err InvalidClientIDError) Error() string {
38 return "Invalid client ID: " + string(err)
39 }
41 type URIMismatchError struct {
42 uri string
43 mismatch string
44 }
46 func (err URIMismatchError) Error() string {
47 return "Supplied redirect URI " + err.mismatch + " does not match the redirect in the database (" + err.uri + ")"
48 }
50 func NewURIMismatchError(uri, mismatch string) error {
51 return URIMismatchError{
52 uri: uri,
53 mismatch: mismatch,
54 }
55 }