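// Source: go.charczuk.com@v0.0.0-20240327042549-bc490516bd1a/sdk/oauth/constants.go

/*

Copyright (c) 2023 - Present. Will Charczuk. All rights reserved.
Use of this source code is governed by a MIT license that can be found in the LICENSE file at the root of the repository.

*/

package oauth

import "github.com/coreos/go-oidc/v3/oidc"

var (
	// DefaultScopes is the default set of oauth scopes requested:
	// the OpenID Connect scope plus "email" and "profile".
	DefaultScopes = []string{
		oidc.ScopeOpenID,
		"email",
		"profile",
	}
)

const (
	// GoogleKeysURL is the url we fetch google's public verification keys in JWK form.
	GoogleKeysURL = "https://www.googleapis.com/oauth2/v3/certs"
	// GoogleIssuer is the expected `iss` field on JWTs from google.
	GoogleIssuer = "https://accounts.google.com"
	// GoogleIssuerAlternate is the alternate expected `iss` field on JWTs from google.
	// Google's OpenID Connect documentation lists both forms as valid `iss` values.
	GoogleIssuerAlternate = "accounts.google.com"
)

// Sentinel errors for the oauth flow.
//
// Error is a string type, so two constants with identical text compare equal
// and cannot be told apart with `==` or errors.Is; each sentinel below must
// therefore carry a distinct message.
const (
	// ErrCodeMissing is returned if the code was missing from an oauth return request.
	// The message previously duplicated ErrStateMissing's text, which made the
	// two sentinels equal and misreported which parameter was absent.
	ErrCodeMissing Error = "code missing from request"
	// ErrStateMissing is returned if the state was missing from an oauth return request.
	ErrStateMissing Error = "state missing from request"
	// ErrInvalidHostedDomain is an error returned if the JWT hosted domain doesn't match any of the allowed domains.
	ErrInvalidHostedDomain Error = "hosted domain validation failed"
	// ErrInvalidAntiforgeryToken is an error returned on oauth finish that indicates we didn't originate the auth request.
	ErrInvalidAntiforgeryToken Error = "invalid anti-forgery token"

	// ErrInvalidJWTAudience is an error in validating the token jwt: the audience does not match the clientID.
	ErrInvalidJWTAudience Error = "invalid jwt audience; should match clientID"
	// ErrInvalidJWTIssuer is an error in validating the token jwt: the issuer is not a valid google issuer.
	ErrInvalidJWTIssuer Error = "invalid jwt issuer; should be a valid google issuer"
	// ErrInvalidJWTHostedDomain is an error in validating the token jwt: the hosted domain is not in the allowed list.
	ErrInvalidJWTHostedDomain Error = "invalid jwt hosted domain; must be in the allowed domain list"
	// ErrInvalidJWT is returned when we fail to decode or verify the token jwt.
	ErrInvalidJWT Error = "invalid jwt; failed to decode or verify"

	// ErrProfileJSONUnmarshal is an error returned if the json unmarshal failed.
	ErrProfileJSONUnmarshal Error = "profile json unmarshal failed"

	// ErrFailedCodeExchange happens if the code exchange for an access token fails.
	ErrFailedCodeExchange Error = "oauth code exchange failed"
	// ErrGoogleResponseStatus is an error that can occur when querying the google apis.
	ErrGoogleResponseStatus Error = "google returned a non 2xx response"

	// ErrSecretRequired is a configuration error indicating we did not provide a secret.
	ErrSecretRequired Error = "manager secret required"
	// ErrClientIDRequired is a self validation error.
	ErrClientIDRequired Error = "clientID is required"
	// ErrClientSecretRequired is a self validation error.
	ErrClientSecretRequired Error = "clientSecret is required"
	// ErrRedirectURIRequired is a self validation error.
	ErrRedirectURIRequired Error = "redirectURI is required"
	// ErrInvalidRedirectURI is an error in validating the redirect uri.
	ErrInvalidRedirectURI Error = "invalid redirectURI"
)

// Error is an error string. Being a string type lets the sentinels above be
// declared as constants; equality between two Error values is plain string
// equality.
type Error string

// Error returns the error as a string.
func (e Error) Error() string { return string(e) }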