[keycloak-user] Direct Grant and OAuth 2.0 error response

[Marek Posolda]

Maybe you can achieve this by override authentication flow for "direct 
access grants" and plug your own authenticators. Your authenticator will 
catch the exception thrown by your UserFederationProvider and send some 
response corresponding to that. See docs for Authentication SPI for more 
details.

Marek

On 28/01/16 00:59, Fabricio Milone wrote:
> Hi,
>
> I have a direct grant flow working correctly and returning all the 
> information I need using Mappers when the response is OK. However, I 
> would like to include more information in the error response when my 
> Federator doesn't authenticate the username, specifically, my own 
> federator's error codes/messages.
>
> I've been reading the RFC and there is a parameter called 
> error_description in the error response, but not sure how to add a 
> json there (it is supported by the USASCII chars, afaik).
>
> This is my architecture:
>
> Mobile client ---direct access grant---> Keycloak 
> -------validateUser----> Federator
>
> If Error
> Federator ----response---> MyFederatorProvider (on validate() method, 
> parse the response and somehow include the error coming from the 
> federator inside the error_description field of the standard OAuth 2.0 
> response).
>
>
> Can someone please give me a hint on this? Is there any other 
> (better/cleaner) way to do this?
>
> Thanks in advance!
>
> -- 
> *Fabricio Milone*
> Developer
> *
> *
> *
> Shine Consulting *
>
> 30/600 Bourke Street
>
> Melbourne VIC 3000
>
> T: 03 8488 9939
>
> M: 04 3200 4006
>
>
> www.shinetech.com <http://www.shinetech.com/>/*a*/ passion for excellence
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160128/213e83d4/attachment.html