Thank you a lot Dmitry, that did the trick.
I had to add:

context.resetFlow();

when my script fails the authentication because of invalid input on my extra
(but optional) input field.
If I didn't reset the flow then a valid username/password
but invalid input on my extra field would leave the flow
in a state where hitting the refresh browser button
would re-post and would cause the auth to succeed (because of the
valid username/passwords). Hope this sounds clear :-)

Cheers,
Vagelis
On 11/12/2018 20:49, Dmitry Telegin wrote:
Hello Vagelis,
You can use the following snippet:
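// Script authenticators have to import the Java types they use.
var AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

// Re-render the login form with a custom error message.
function myError(context) {
    return context.form()
        .setError("My i18n-ed custom message", []).createLogin();
}

function authenticate(context) {
    ...
    if (authShouldFail) {
        var challengeResponse = myError(context);
        // context.failure(AuthenticationFlowError.INVALID_USER);
        // Fail this step, but answer with the login form above
        // instead of the generic error page.
        context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
            challengeResponse);
        return;
    }
    context.success();
}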
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2018-12-11 at 17:45 +0200, Vagelis Savvas wrote:
> Hello,
> I have created a theme and extended the base login form with an extra
> input field.
> I've also created a Script Authenticator that checks the value of the
> extra field and permits or not the authentication.
> My authenticator script runs after the builtin 'Username Password form'
> (Browser flow).
> Now I would like to do two things when authentication fails because of
> my script:
>
> 1. Use a custom i18n error message instead of showing one of the
> messages of the builtin AuthenticationFlowError. Is there a way to do so?
> 2. Stay on the login page and show the error message instead of being
> sent to a 'We're sorry...' page with a link back to the login form.
> For instance the builtin 'Username Password form' stays on the login
> form with an error message when authentication fails which is nice and
> clean.
> Currently I fail the authentication with 'context.clearUser();
> context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);'
> but I've tried various methods from 'context' without achieving either 1
> or 2 of my requirements.
>
> Cheers,
> Vagelis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user