Starts in:
2 DAYS
11 HRS
9 MIN
46 SEC
Starts in:
2 D
11 H
9 M
46 S
Open Closed

How to customize oauth token endpoint error response? #2305


User avatar
0
hansmogren created

Hi!

Is there any way we can customize the error response from the /connect/token endpoint depending on what kind of error did occur? For example right now the only way to determine if the user's password is incorrect or if the user has not yet verified their email address is to look at the error_description field (which should not be used to react to errors).

// Incorrect password:

{
  "error": "invalid_grant",
  "error_description": "Invalid username or password!"
}

// Not verified email address:

{
  "error": "invalid_grant",
  "error_description": "You are not allowed to login! You need to confirm your email/phone number."
}
  • ABP Framework version: v4.4.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

3 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    You can override localization of AbpIdentityServerResource by extending it. Please check localization docs.

  • User Avatar
    0
    hansmogren created

    Thanks, we'll look into that. Is there no way to add extra fields to the token error response?

    We would like our front-end to be able to determine why the user was unable to authenticate and display the appropriate message, e.g. to send an email confirmation token if the email has not been verified.

  • User Avatar
    2
    gterdem created
    Senior .NET Developer

    These kind of errors are logged because of security reasons. Furthermore, you need to set Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII=true even to see some of the details in logs. These are done for security reasons.

    If you want to ignore it and share the error details, probably you need to override some identityserver core functionality. Since we are using that library, it is better to ask in identityserver 4 github issues if it is possible and what to override.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06