package rp
import (
"fmt"
"time"
)
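// Constructors for the token validation failures reported by this package.
// Each one returns a *validationError whose message names the check that
// failed and the values involved.
//
// Values that appear to come from the token being validated (the `actual`
// arguments and azp) are formatted with %q instead of %s. A claim that failed
// validation is untrusted input, and quoting it keeps embedded newlines or
// control characters from altering the shape of a log line or of an error
// page that prints the message.
//
// NOTE(review): the messages also carry the expected issuer, client_id and
// nonce. Confirm that these errors are only logged on the relying-party side
// and are not echoed back to whoever presented the token.
var (
	// ErrIssuerInvalid reports an issuer that differs from the expected one.
	ErrIssuerInvalid = func(expected, actual string) *validationError {
		return ValidationError("Issuer does not match. Expected: %s, got: %q", expected, actual)
	}

	// ErrAudienceMissingClientID reports an audience that does not contain
	// the given client_id.
	ErrAudienceMissingClientID = func(clientID string) *validationError {
		return ValidationError("Audience is not valid. Audience must contain client_id (%s)", clientID)
	}

	// ErrAzpMissing reports a token that is valid for multiple audiences but
	// has an empty azp (authorized party).
	ErrAzpMissing = func() *validationError {
		return ValidationError("Authorized Party is not set. If Token is valid for multiple audiences, azp must not be empty")
	}

	// ErrAzpInvalid reports an azp that is not equal to the client_id.
	ErrAzpInvalid = func(azp, clientID string) *validationError {
		return ValidationError("Authorized Party is not valid. azp (%q) must be equal to client_id (%s)", azp, clientID)
	}

	// ErrExpInvalid reports an expired token; exp is the expiry time that is
	// printed in the message.
	ErrExpInvalid = func(exp time.Time) *validationError {
		return ValidationError("Token has expired %v", exp)
	}

	// ErrIatInFuture reports an issued-at time that lies in the future. The
	// message prints iat followed by now, which it labels "now with offset".
	ErrIatInFuture = func(iat, now time.Time) *validationError {
		return ValidationError("IssuedAt of token is in the future (%v, now with offset: %v)", iat, now)
	}

	// ErrIatToOld reports an issued-at time older than the allowed limit.
	// maxAge is passed as a point in time, and the message also prints
	// maxAge.Sub(iat) as the amount by which the limit was exceeded.
	ErrIatToOld = func(maxAge, iat time.Time) *validationError {
		return ValidationError("IssuedAt of token must not be older than %v, but was %v (%v to old)", maxAge, iat, maxAge.Sub(iat))
	}

	// ErrNonceInvalid reports a nonce that differs from the expected one.
	ErrNonceInvalid = func(expected, actual string) *validationError {
		return ValidationError("nonce does not match. Expected: %s, got: %q", expected, actual)
	}

	// ErrAcrInvalid reports an acr value that is not one of the expected
	// values.
	ErrAcrInvalid = func(expected []string, actual string) *validationError {
		return ValidationError("acr is invalid. Expected one of: %v, got: %q", expected, actual)
	}

	// ErrAuthTimeNotPresent reports a token without the auth_time claim.
	ErrAuthTimeNotPresent = func() *validationError {
		return ValidationError("claim `auth_time` of token is missing")
	}

	// ErrAuthTimeToOld reports an auth_time older than the allowed limit.
	// maxAge is passed as a point in time, and the message also prints
	// maxAge.Sub(authTime) as the amount by which the limit was exceeded.
	ErrAuthTimeToOld = func(maxAge, authTime time.Time) *validationError {
		return ValidationError("Auth Time of token must not be older than %v, but was %v (%v to old)", maxAge, authTime, maxAge.Sub(authTime))
	}

	// ErrSignatureInvalidPayload reports a signature that does not match the
	// payload.
	ErrSignatureInvalidPayload = func() *validationError {
		return ValidationError("Signature does not match Payload")
	}
)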
// ValidationError builds a *validationError whose text is message expanded
// with args by fmt.Sprintf.
//
// message is interpreted as a format string. Callers should pass a constant
// and hand any token-derived value over through args, so that a '%' inside an
// untrusted claim is never treated as a formatting verb.
func ValidationError(message string, args ...interface{}) *validationError {
	text := fmt.Sprintf(message, args...)
	// TODO: impl (marker kept from the original; the planned follow-up is not stated).
	return &validationError{message: text}
}
// validationError is the error value built by ValidationError. It carries
// only a formatted message and no structured fields, so callers cannot
// distinguish one failure from another by type.
type validationError struct {
	// message is the fully formatted text that Error returns.
	message string
}
// Error implements the error interface and returns the stored message
// unchanged.
func (e *validationError) Error() string {
	msg := e.message
	return msg
}