go-oidc

What is the appropriate way to handle the errors returned from IDTokenVerifier.Verify()?

Open AyushSenapati opened this issue 3 years ago • 2 comments

Well, to give some context, I am using go-oidc in a middleware to verify a JWT token. *oidc.IDTokenVerifier.Verify() returns an IDToken and an error. The Verify function could possibly return different errors. Depending on the error, I want to return an appropriate HTTP status code to the user. But it looks like the pkg does not expose error types.

In the source code I see the errors are returned like below: fmt.Errorf("oidc: malformed jwt: %v", err) or fmt.Errorf("oidc: source does not exist") etc.

So I am not sure how to compare these errors and return an appropriate HTTP status code. For now I am using strings.Contains() to compare, but I don't know if there is any better way to do this.

AyushSenapati, Dec 20 '21 11:12

Yes, those errors should be made into exported values so you can use errors.Is to compare them.

mitar, May 10 '22 21:05

What kind of errors would you want to differentiate? My experience with auth code is that it's best to be conservative, and effectively treat all errors as a 401.

ericchiang, May 10 '22 21:05
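
The conservative handling suggested in the last comment, as an added example that is not part of this thread or of go-oidc: a middleware that answers every verification failure with the same 401 and keeps the cause in the server log, so no error string matching is needed. `verifyFunc`, `requireIDToken` and `probe` are hypothetical names; `verifyFunc` is an assumed stand-in for a closure around `IDTokenVerifier.Verify`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// verifyFunc is a hypothetical stand-in for a closure around
// (*oidc.IDTokenVerifier).Verify that drops the returned token.
type verifyFunc func(ctx context.Context, rawIDToken string) error

// requireIDToken answers a missing token and every verification failure with
// the same 401; the cause is written to the server log only.
func requireIDToken(verify verifyFunc, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		authz := r.Header.Get("Authorization")
		err := errors.New("missing bearer token")
		if raw := strings.TrimPrefix(authz, "Bearer "); raw != authz && raw != "" {
			err = verify(r.Context(), raw)
		}
		if err != nil {
			log.Printf("auth rejected: %v", err) // cause stays in the server log
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through the middleware; returns status and body.
func probe(verify verifyFunc, authz string) (int, string) {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	requireIDToken(verify, ok).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	// Constructed error, modelled on the message format quoted in the issue.
	bad := func(context.Context, string) error { return errors.New("oidc: malformed jwt: constructed") }
	fmt.Println(probe(bad, "Bearer abc"))
}
```

The client sees an identical response whichever check failed, which also avoids telling a caller why a token was rejected.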