What is the appropriate way to handle the errors returned from IDTokenVerifier.Verify()? #327
Comments
AyushSenapati
changed the title
|
Yes, those errors should be made into exported values so you can use |
|
What kind of errors would you want to differentiate? My experience with auth code is that it's best to be conservative, and effectively treat all errors as a 401. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Well to give some context, I am using go-oidc in a middleware to verify JWT token. *oidc.IDTokenVerifier.Verify() returns IDToken and error. The verify function could possibly return different errors. Depending on the errors I want to return appropriate HTTP status code to the user. But it looks like the pkg does not expose error types.
In the source code I see the errors are returned like below:
fmt.Errorf("oidc: malformed jwt: %v", err) or fmt.Errorf("oidc: source does not exist")etc.So I am not sure how to compare these errors and return appropriate HTTP status code.
For now I am using
strings.Contain()to compare, but I don't know if there is any better way to do this.The text was updated successfully, but these errors were encountered: