[keycloak-user] Differnentiate Login Error for Disabled Account (Version 3.4.3 Final)

Thursday, 30 August 2018

When a disabled user tries to login, he gets an error 400 Bad Request (error:
"invalid_grant", error_description: "Account disabled"). However, in
my project, there are multiple reasons for a user to be disabled, which are
distinguishable by certain attributes I set to the user.

My goal is to create a Keycloak extension to customize the response based on those
attributes, so that a different error message can be shown to the user. Providing a
different value error_description would be a solution.

My question is: Is it possible to intercept that error message before it is sent to the
client, and if so, what kind of SPI do I need to write to handle that?

I am using Keycloak version 3.4.3 Final.

Regards,
Patrick Bucher

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

[keycloak-user] Differnentiate Login Error for Disabled Account (Version 3.4.3 Final)