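/*

Copyright (c) 2024 - Present. Blend Labs, Inc. All rights reserved
Use of this source code is governed by a MIT license that can be found in the LICENSE file.

*/

package oauth

var (
	// DefaultScopes is the default set of oauth scopes.
	//
	// This is a package-level slice variable, so a write to it is visible to
	// every user of the package; treat it as read-only and copy it before
	// appending or modifying.
	DefaultScopes = []string{
		"openid",
		"email",
		"profile",
	}
)

const (
	// GoogleKeysURL is the url from which we fetch google's public verification keys in JWK form.
	GoogleKeysURL = "https://www.googleapis.com/oauth2/v3/certs"
	// GoogleIssuer is the expected `iss` field on JWTs from google.
	GoogleIssuer = "https://accounts.google.com"
	// GoogleIssuerAlternate is the alternate expected `iss` field on JWTs from google.
	GoogleIssuerAlternate = "accounts.google.com"
)

const (
	// ErrCodeMissing is returned if the code was missing from an oauth return request.
	//
	// The message names the code parameter so that this failure is
	// distinguishable from ErrStateMissing, both in logs and when the two
	// constants are compared by value (they are typed string constants, so
	// identical messages would make them compare equal).
	ErrCodeMissing Error = "code missing from request"
	// ErrStateMissing is returned if the state was missing from an oauth return request.
	ErrStateMissing Error = "state missing from request"
	// ErrInvalidHostedDomain is returned if the JWT hosted domain doesn't match any of the allowed domains.
	ErrInvalidHostedDomain Error = "hosted domain validation failed"
	// ErrInvalidAntiforgeryToken is returned on oauth finish and indicates we didn't originate the auth request.
	ErrInvalidAntiforgeryToken Error = "invalid anti-forgery token"

	// ErrInvalidJWTAudience is an error in validating the token jwt: the audience did not match the clientID.
	ErrInvalidJWTAudience Error = "invalid jwt audience; should match clientID"
	// ErrInvalidJWTIssuer is an error in validating the token jwt: the issuer was not a valid google issuer.
	ErrInvalidJWTIssuer Error = "invalid jwt issuer; should be a valid google issuer"
	// ErrInvalidJWTHostedDomain is an error in validating the token jwt: the hosted domain was not in the allowed domain list.
	ErrInvalidJWTHostedDomain Error = "invalid jwt hosted domain; must be in the allowed domain list"
	// ErrInvalidJWT is returned when we fail to decode or verify the token jwt.
	ErrInvalidJWT Error = "invalid jwt; failed to decode or verify"

	// ErrProfileJSONUnmarshal is returned if the profile json unmarshal failed.
	ErrProfileJSONUnmarshal Error = "profile json unmarshal failed"

	// ErrFailedCodeExchange happens if the code exchange for an access token fails.
	ErrFailedCodeExchange Error = "oauth code exchange failed"
	// ErrGoogleResponseStatus is an error that can occur when querying the google apis.
	ErrGoogleResponseStatus Error = "google returned a non 2xx response"

	// ErrSecretRequired is a configuration error indicating we did not provide a secret.
	ErrSecretRequired Error = "manager secret required"
	// ErrClientIDRequired is a self validation error.
	ErrClientIDRequired Error = "clientID is required"
	// ErrClientSecretRequired is a self validation error.
	ErrClientSecretRequired Error = "clientSecret is required"
	// ErrRedirectURIRequired is a self validation error.
	ErrRedirectURIRequired Error = "redirectURI is required"
	// ErrInvalidRedirectURI is an error in validating the redirect uri.
	ErrInvalidRedirectURI Error = "invalid redirectURI"
)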