Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8790

Better error message when resource owner auth failed with grant_type=password

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2, 12.0.4, 13.5.0, 14.0.0
    • Fix Version/s: 14.0.0
    • Component/s: oauth2
    • Labels:
    • Sprint:
      AM Sustaining Sprint 31, AM Sustaining Sprint 32
    • Story Points:
      3
    • Support Ticket IDs:

      Description

      The messages that are returned back during an error are misleading. For example:

      This is the error when I use grant_type = password and I enter a invalid user name:

      { 
      "error": "invalid_grant", 
      "error_description": "The provided access grant is invalid, expired, or revoked." 
      }
      

      This is the error when I use grant_type = password and I enter a invalid password:

      { 
      "error": "invalid_grant", 
      "error_description": "The provided access grant is invalid, expired, or revoked." 
      }
      

      Preferably the error message should something more like:

      {
      "error": "invalid_grant", 
      "error_description": "Resource owner authentication failed" 
      }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                shariq.faruqi@forgerock.com shariq faruqi [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: