Hi!
Is there any way we can customize the error response from the /connect/token endpoint depending on what kind of error occurred? For example, right now the only way to determine if the user's password is incorrect or if the user has not yet verified their email address is to look at the error_description field (which should not be used to react to errors).
// Incorrect password:
{
  "error": "invalid_grant",
  "error_description": "Invalid username or password!"
}
// Not verified email address:
{
  "error": "invalid_grant",
  "error_description": "You are not allowed to login! You need to confirm your email/phone number."
}
- ABP Framework version: v4.4.2
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace:
- Steps to reproduce the issue:
3 Answer(s)
-
0
You can override localization of AbpIdentityServerResource by extending it. Please check localization docs.
-
0
Thanks, we'll look into that. Is there no way to add extra fields to the token error response?
We would like our front-end to be able to determine why the user was unable to authenticate and display the appropriate message, e.g. to send an email confirmation token if the email has not been verified.
-
2
These kinds of errors are logged because of security reasons. Furthermore, you need to set Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII=true even to see some of the details in logs. These are done for security reasons. If you want to ignore it and share the error details, you probably need to override some IdentityServer core functionality. Since we are using that library, it is better to ask in the IdentityServer4 GitHub issues if it is possible and what to override.
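
An added example, not part of the thread and not ABP's or IdentityServer4's own code: a replacement IdentityServer4 resource owner password validator that puts a machine-readable reason next to `error` through the `customResponse` argument of `GrantValidationResult`, and discloses the unconfirmed-email reason only after the password has been verified. The class name, the `error_code` field and its values are hypothetical, and it assumes an ASP.NET Core Identity user store with lockout support (such as the EF Core store).

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;

// Added example. The class name and the "error_code" field are hypothetical.
public class ReasonCodePasswordValidator<TUser> : IResourceOwnerPasswordValidator
    where TUser : class
{
    private readonly UserManager<TUser> _users;

    public ReasonCodePasswordValidator(UserManager<TUser> users) => _users = users;

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        var user = await _users.FindByNameAsync(context.UserName);

        // Password first: unknown user, locked account and wrong password all
        // produce the same response body, so the endpoint does not tell an
        // unauthenticated caller which accounts exist or what state they are in.
        var passwordOk = user != null
            && !await _users.IsLockedOutAsync(user)
            && await _users.CheckPasswordAsync(user, context.Password);
        if (!passwordOk)
        {
            if (user != null) await _users.AccessFailedAsync(user); // feed the lockout counter
            context.Result = Fail("invalid_credentials");
            return;
        }

        // Only a caller who has proved knowledge of the password learns this.
        if (!await _users.IsEmailConfirmedAsync(user))
        {
            context.Result = Fail("email_not_confirmed");
            return;
        }

        await _users.ResetAccessFailedCountAsync(user);
        context.Result = new GrantValidationResult(await _users.GetUserIdAsync(user), "pwd");
    }

    // customResponse entries are written next to "error" in the token error JSON.
    private static GrantValidationResult Fail(string code) =>
        new GrantValidationResult(
            TokenRequestErrors.InvalidGrant,
            customResponse: new Dictionary<string, object> { ["error_code"] = code });
}
```

It can be registered with IdentityServer4's `AddResourceOwnerValidator<T>()`; it replaces the host's existing validator rather than extending it, so any extra checks that validator performs are not reproduced here.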