Maybe you can achieve this by overriding the authentication flow for "direct access grants" and plugging in your own authenticators. Your authenticator will catch the exception thrown by your UserFederationProvider and send some response corresponding to that. See the docs for the Authentication SPI for more details.

Marek

On 28/01/16 00:59, Fabricio Milone wrote:
Hi,

I have a direct grant flow working correctly and returning all the information I need using Mappers when the response is OK. However, I would like to include more information in the error response when my Federator doesn't authenticate the username, specifically, my own federator's error codes/messages.

I've been reading the RFC and there is a parameter called error_description in the error response, but I'm not sure how to add JSON there (it is supported by the US-ASCII chars, afaik).

This is my architecture:

Mobile client ---direct access grant---> Keycloak -------validateUser----> Federator

If Error
Federator ----response---> MyFederatorProvider (on validate() method, parse the response and somehow include the error coming from the federator inside the error_description field of the standard OAuth 2.0 response).


Can someone please give me a hint on this? Is there any other (better/cleaner) way to do this?

Thanks in advance!

--
Fabricio Milone
Developer

Shine Consulting
30/600 Bourke Street
Melbourne VIC 3000
T: 03 8488 9939
M: 04 3200 4006
www.shinetech.com  a passion for excellence

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
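
On the error_description question in the thread above: RFC 6749 section 5.2 restricts that value to the characters %x20-21 / %x23-5B / %x5D-7E, which excludes the double quote and the backslash, so raw JSON cannot be placed in it unchanged. The JDK-only helper below is an added example, not code from this thread or from Keycloak; the class name, the `code=...; message=...` layout and the sample values are assumptions, and a custom authenticator would use its output as the body of the HTTP 400 response.

```java
/** Added example: builds an RFC 6749 section 5.2 error body carrying a backend error code. */
public final class DirectGrantError {

    // RFC 6749 section 5.2: error_description may only contain %x20-21 / %x23-5B / %x5D-7E,
    // i.e. printable ASCII without '"' (0x22) and '\' (0x5C).
    static boolean isAllowed(char c) {
        return c >= 0x20 && c <= 0x7E && c != '"' && c != '\\';
    }

    /** Replaces every forbidden character, so the value cannot terminate or escape the JSON string. */
    static String sanitize(String raw) {
        StringBuilder out = new StringBuilder(raw.length());
        for (char c : raw.toCharArray()) {
            out.append(isAllowed(c) ? c : '?');
        }
        return out.toString();
    }

    /** Flattens a federator code and message into one string instead of nesting JSON. */
    static String errorDescription(String federatorCode, String federatorMessage) {
        // The federator's text is treated as untrusted input and sanitized as a whole.
        return sanitize("code=" + federatorCode + "; message=" + federatorMessage);
    }

    /** Response body; "invalid_grant" is the RFC's error code for invalid user credentials. */
    static String errorBody(String federatorCode, String federatorMessage) {
        // Safe to concatenate: the sanitized value contains no quote, backslash or control character.
        return "{\"error\":\"invalid_grant\",\"error_description\":\""
                + errorDescription(federatorCode, federatorMessage) + "\"}";
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real federator.
        System.out.println(errorBody("ACCOUNT_LOCKED", "Too many failed attempts"));
        // A backend message that is itself JSON gets its quotes and backslashes replaced.
        System.out.println(errorBody("E42", "{\"reason\":\"expired\\n\"}"));
    }
}
```

The client splits the description on `; ` to recover the code, and the token endpoint response stays parseable by standard OAuth 2.0 libraries.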