-
Notifications
You must be signed in to change notification settings - Fork 0
/
errors.go
36 lines (31 loc) · 1.26 KB
/
errors.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package pkce
import (
"errors"
"fmt"
)
var (
// ErrMethodDowngrade enforces compliance with RFC 7636, 7.2.
//
// Clients MUST NOT downgrade to "plain" after trying the "S256" method.
// Servers that support PKCE are required to support "S256", and servers
// that do not support PKCE will simply ignore the unknown
// "code_verifier". Because of this, an error when "S256" is presented
// can only mean that the server is faulty or that a MITM attacker is
// trying a downgrade attack.
ErrMethodDowngrade = errors.New("clients must not downgrade to 'plain' after trying the 'S256' method")
// ErrMethodNotSupported enforces the use of compliant transform methods
ErrMethodNotSupported = errors.New("clients must use either 'plain' or 'S256' as a transform method")
// ErrVerifierCharacters enforces character compliance with the unreserved
// character set as specified in RFC 7636, 4.1.
ErrVerifierCharacters = fmt.Errorf(
"code verifier must only contain unreserved characters from the set: {'%s'}",
unreserved,
)
// ErrVerifierLength enforces compliance with the minimum and maximum
// lengths as specified in RFC 7636, 4.1.
ErrVerifierLength = fmt.Errorf(
"code verifier must be between %d and %d characters long",
verifierMinLen,
verifierMaxLen,
)
)