Display specific 'token expired error message' when user tries to perform a 'user action' for which the token has expired?
7:58 a.m.
hi,
Somewhat related to https://issues.jboss.org/browse/KEYCLOAK-2125 (User Actions email link
expires too early): when a user clicks on a ‘users action’ link and the token has expired
we would like to show a specific error message to the user informing him/her of this. E.g.
"We're sorry. The (temporary) token in the link you tried to access has expired.
Please contact your administrator."
Right now when a token (/user session) has expired and the user clicks on the user actions
link in the email he/she sees the generic Keycloak account error screen: "We're
sorry. An error occurred, please login again through your application.". The user now
has no idea what went wrong and in our case cannot even login again as the user has no
password yet.
If I am not mistaken currently this is not possible because the original error code is not
passed on to the error page (error.ftl) from FreeMarkerLoginFormsProvider#createResponse
because the rendered page is of type "ERROR" in which case the original (error)
message (#getFirstMessageUnformatted()) is not added to the list of attributes for the
FTL?
Am I correct in this? If so does it make sense to create a feature request JIRA ticket for
it?
cheers
Edgar
5:16 a.m.
Unformatted error message will just return the key used to lookup the
actual error message. In this case the key is invalidCodeMessage. You can
change what text is displayed for this key by creating a custom theme, add
a message bundle with a different value for that key. Messages should be
changed this way, not by editing the template so there's no need to pass
the "unformatted message" to the ftl.
One issue is that this specific key is used for a few different errors,
including:
* A user clicks on the link again after it has been completed
* The link expires
* A user spends to long trying to login so the code is removed
Ideally we'd have different keys for different scenarios, but it's hard to
identify which is the problem as the code has been removed we're not
actually sure what's going on.
On 10 March 2016 at 14:58, Edgar Vonk - Info.nl <Edgar(a)info.nl> wrote:
hi,
Somewhat related to https://issues.jboss.org/browse/KEYCLOAK-2125 (User
Actions email link expires too early): when a user clicks on a ‘users
action’ link and the token has expired we would like to show a specific
error message to the user informing him/her of this. E.g. "We're sorry. The
(temporary) token in the link you tried to access has expired. Please
contact your administrator."
Right now when a token (/user session) has expired and the user clicks on
the user actions link in the email he/she sees the generic Keycloak account
error screen: "We're sorry. An error occurred, please login again through
your application.". The user now has no idea what went wrong and in our
case cannot even login again as the user has no password yet.
If I am not mistaken currently this is not possible because the original
error code is not passed on to the error page (error.ftl) from
FreeMarkerLoginFormsProvider#createResponse because the rendered page is of
type "ERROR" in which case the original (error) message
(#getFirstMessageUnformatted()) is not added to the list of attributes for
the FTL?
Am I correct in this? If so does it make sense to create a feature request
JIRA ticket for it?
cheers
Edgar
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:21 a.m.
Hi Stian,
My excuses. You are completely right. I overlooked the default error message completely.
The reason was that for some reason in our project at some point we had decided to remove
the actual error message from our error.ftl and instead display the same generic error
message for all errors..
cheers
Edgar
On 11 Mar 2016, at 12:16, Stian Thorgersen
<sthorger(a)redhat.com> wrote:
Unformatted error message will just return the key used to lookup the actual error
message. In this case the key is invalidCodeMessage. You can change what text is displayed
for this key by creating a custom theme, add a message bundle with a different value for
that key. Messages should be changed this way, not by editing the template so there's
no need to pass the "unformatted message" to the ftl.
One issue is that this specific key is used for a few different errors, including:
* A user clicks on the link again after it has been completed
* The link expires
* A user spends to long trying to login so the code is removed
Ideally we'd have different keys for different scenarios, but it's hard to
identify which is the problem as the code has been removed we're not actually sure
what's going on.
On 10 March 2016 at 14:58, Edgar Vonk - Info.nl <Edgar(a)info.nl
<mailto:Edgar@info.nl>> wrote:
hi,
Somewhat related to https://issues.jboss.org/browse/KEYCLOAK-2125
<https://issues.jboss.org/browse/KEYCLOAK-2125> (User Actions email link expires too
early): when a user clicks on a ‘users action’ link and the token has expired we would
like to show a specific error message to the user informing him/her of this. E.g.
"We're sorry. The (temporary) token in the link you tried to access has expired.
Please contact your administrator."
Right now when a token (/user session) has expired and the user clicks on the user
actions link in the email he/she sees the generic Keycloak account error screen:
"We're sorry. An error occurred, please login again through your
application.". The user now has no idea what went wrong and in our case cannot even
login again as the user has no password yet.
If I am not mistaken currently this is not possible because the original error code is
not passed on to the error page (error.ftl) from
FreeMarkerLoginFormsProvider#createResponse because the rendered page is of type
"ERROR" in which case the original (error) message
(#getFirstMessageUnformatted()) is not added to the list of attributes for the FTL?
Am I correct in this? If so does it make sense to create a feature request JIRA ticket
for it?
cheers
Edgar
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
3225
days inactive
3226
days old
2 comments
2 participants
participants (2)
-
Edgar Vonk - Info.nl -
Stian Thorgersen