86 lines
1.9 KiB
Go
86 lines
1.9 KiB
Go
|
package server
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
"net/url"
|
||
|
|
||
|
"github.com/coreos/go-oidc/oauth2"
|
||
|
)
|
||
|
|
||
|
const (
|
||
|
errorInvalidClientMetadata = "invalid_client_metadata"
|
||
|
errorInvalidRequest = "invalid_request"
|
||
|
errorServerError = "server_error"
|
||
|
errorAccessDenied = "access_denied"
|
||
|
)
|
||
|
|
||
|
type apiError struct {
|
||
|
Type string `json:"error"`
|
||
|
Description string `json:"error_description,omitempty"`
|
||
|
}
|
||
|
|
||
|
func (e *apiError) Error() string {
|
||
|
return e.Type
|
||
|
}
|
||
|
|
||
|
func newAPIError(typ, desc string) *apiError {
|
||
|
return &apiError{Type: typ, Description: desc}
|
||
|
}
|
||
|
|
||
|
func writeAPIError(w http.ResponseWriter, code int, err error) {
|
||
|
aerr, ok := err.(*apiError)
|
||
|
if !ok {
|
||
|
aerr = newAPIError(errorServerError, "")
|
||
|
}
|
||
|
if aerr.Type == "" {
|
||
|
aerr.Type = errorServerError
|
||
|
}
|
||
|
if code == 0 {
|
||
|
code = http.StatusInternalServerError
|
||
|
}
|
||
|
writeResponseWithBody(w, code, aerr)
|
||
|
}
|
||
|
|
||
|
func writeTokenError(w http.ResponseWriter, err error, state string) {
|
||
|
oerr, ok := err.(*oauth2.Error)
|
||
|
if !ok {
|
||
|
oerr = oauth2.NewError(oauth2.ErrorServerError)
|
||
|
}
|
||
|
oerr.State = state
|
||
|
|
||
|
var status int
|
||
|
switch oerr.Type {
|
||
|
case oauth2.ErrorInvalidClient:
|
||
|
status = http.StatusUnauthorized
|
||
|
w.Header().Set("WWW-Authenticate", "Basic")
|
||
|
default:
|
||
|
status = http.StatusBadRequest
|
||
|
}
|
||
|
|
||
|
writeResponseWithBody(w, status, oerr)
|
||
|
}
|
||
|
|
||
|
func writeAuthError(w http.ResponseWriter, err error, state string) {
|
||
|
oerr, ok := err.(*oauth2.Error)
|
||
|
if !ok {
|
||
|
oerr = oauth2.NewError(oauth2.ErrorServerError)
|
||
|
}
|
||
|
oerr.State = state
|
||
|
writeResponseWithBody(w, http.StatusBadRequest, oerr)
|
||
|
}
|
||
|
|
||
|
func redirectAuthError(w http.ResponseWriter, err error, state string, redirectURL url.URL) {
|
||
|
oerr, ok := err.(*oauth2.Error)
|
||
|
if !ok {
|
||
|
oerr = oauth2.NewError(oauth2.ErrorServerError)
|
||
|
}
|
||
|
|
||
|
q := redirectURL.Query()
|
||
|
q.Set("error", oerr.Type)
|
||
|
q.Set("state", state)
|
||
|
redirectURL.RawQuery = q.Encode()
|
||
|
|
||
|
w.Header().Set("Location", redirectURL.String())
|
||
|
w.WriteHeader(http.StatusTemporaryRedirect)
|
||
|
}
|