[keycloak-user] Display specific 'token expired error message' when user tries to perform a 'user action' for which the token has expired?

Stian Thorgersen sthorger at redhat.com
Fri Mar 11 06:16:03 EST 2016

Unformatted error message will just return the key used to lookup the
actual error message. In this case the key is invalidCodeMessage. You can
change what text is displayed for this key by creating a custom theme, add
a message bundle with a different value for that key. Messages should be
changed this way, not by editing the template so there's no need to pass
the "unformatted message" to the ftl.

One issue is that this specific key is used for a few different errors,

* A user clicks on the link again after it has been completed
* The link expires
* A user spends to long trying to login so the code is removed

Ideally we'd have different keys for different scenarios, but it's hard to
identify which is the problem as the code has been removed we're not
actually sure what's going on.

On 10 March 2016 at 14:58, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:

> hi,
> Somewhat related to https://issues.jboss.org/browse/KEYCLOAK-2125 (User
> Actions email link expires too early): when a user clicks on a ‘users
> action’ link and the token has expired we would like to show a specific
> error message to the user informing him/her of this. E.g. "We're sorry. The
> (temporary) token in the link you tried to access has expired. Please
> contact your administrator."
> Right now when a token (/user session) has expired and the user clicks on
> the user actions link in the email he/she sees the generic Keycloak account
> error screen: "We're sorry. An error occurred, please login again through
> your application.". The user now has no idea what went wrong and in our
> case cannot even login again as the user has no password yet.
> If I am not mistaken currently this is not possible because the original
> error code is not passed on to the error page (error.ftl) from
> FreeMarkerLoginFormsProvider#createResponse because the rendered page is of
> type "ERROR" in which case the original (error) message
> (#getFirstMessageUnformatted()) is not added to the list of attributes for
> the FTL?
> Am I correct in this? If so does it make sense to create a feature request
> JIRA ticket for it?
> cheers
> Edgar
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160311/2ccf0e17/attachment-0001.html 

More information about the keycloak-user mailing list