Update authrequest.go
Rewrote error messages with a consistent structure to explain said errors, as well as a transition to the administrator's contact information. The administrator's information will needed to be plugged in by a more knowledgeable contributor. Note that because I am not familiar with Go, some of the error messages may have an incorrect explanation for the error. I encourage a double check on the terminology and logic explained in my messages. If there are any errors, please correct the terminology and logic while retaining the sentence structure.
This commit is contained in:
JCustin
GitHub
parent
2966355b0e
commit
e54ab63c1c
1 changed files with 9 additions and 9 deletions
|
|
@ -79,24 +79,24 @@ func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage
|
|||
|
||||
func ValidateAuthReqScopes(scopes []string) error {
|
||||
if len(scopes) == 0 {
|
||||
return ErrInvalidRequest("scope missing")
|
||||
return ErrInvalidRequest("Unforuntately, the scope of your request is missing. Please ensure your scope value is not 0, and try again. If you have any questions, you may contact the administrator of the application at:")
|
||||
}
|
||||
if !utils.Contains(scopes, oidc.ScopeOpenID) {
|
||||
return ErrInvalidRequest("scope openid missing")
|
||||
return ErrInvalidRequest)("Unfortunately, the scope openid of your request is missing. Please ensure your scope openid is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, responseType oidc.ResponseType, storage OPStorage) error {
|
||||
if uri == "" {
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri must not be empty")
|
||||
return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")
|
||||
}
|
||||
client, err := storage.GetClientByClientID(ctx, client_id)
|
||||
if err != nil {
|
||||
return ErrServerError(err.Error())
|
||||
}
|
||||
if !utils.Contains(client.RedirectURIs(), uri) {
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
|
||||
return ErrInvalidRequestRedirectURI("Unfortunately, the client's redirect_uri is missing. Please ensure your redirect_uri is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")//(Writer's note: This may not be correct. Please double check its accuracy.)
|
||||
}
|
||||
if strings.HasPrefix(uri, "https://") {
|
||||
return nil
|
||||
|
|
@ -108,13 +108,13 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
|
|||
if client.ApplicationType() == ApplicationTypeNative {
|
||||
return nil
|
||||
}
|
||||
return ErrInvalidRequest("redirect_uri not allowed")
|
||||
return ErrInvalidRequest("Unfortunately, this client's redirect_uri is private and is not allowed. If you have any questions, you may contact the administrator of the application at:")
|
||||
} else {
|
||||
if client.ApplicationType() != ApplicationTypeNative {
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
|
||||
return ErrInvalidRequestRedirectURI("Unfortunately, the client's application type does not match the native platform. Please ensure the client's application type is compatible, and try again. If you have any questions, you may contact the administrator of the application at:") //(Writer's note: This may not be correct. Please double check its accuracy.)
|
||||
}
|
||||
if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
|
||||
return ErrInvalidRequestRedirectURI("Unfortunately, this redirect_uri lacks a 'http://localhost/' prefix. Please ensure the redirect_uri has the appropiate prefix, and try again. If you have any questions, you may contact the administrator of the application at:")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
@ -122,7 +122,7 @@ func ValidateAuthReqRedirectURI(ctx context.Context, uri, client_id string, resp
|
|||
|
||||
func ValidateAuthReqResponseType(responseType oidc.ResponseType) error {
|
||||
if responseType == "" {
|
||||
return ErrInvalidRequest("response_type empty")
|
||||
return ErrInvalidRequest("Unfortunately, a response type is missing in your request. Please ensure the response type is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
@ -133,7 +133,7 @@ func ValidateAuthReqIDTokenHint(ctx context.Context, idTokenHint string, verifie
|
|||
}
|
||||
claims, err := verifier.Verify(ctx, "", idTokenHint)
|
||||
if err != nil {
|
||||
return "", ErrInvalidRequest("id_token_hint invalid")
|
||||
return "", ErrInvalidRequest("Unfortunately, the id_token_hint is invalid. Please ensure the id_token_hint is complete and accurate, and try again. If you have any questions, you may contact the administrator of the application at:")
|
||||
}
|
||||
return claims.Subject, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue