[keycloak-user] Display specific 'token expired error message' when user tries to perform a 'user action' for which the token has expired?

Edgar Vonk - Info.nl Edgar at info.nl
Fri Mar 11 07:21:16 EST 2016

Hi Stian,

My excuses. You are completely right. I overlooked the default error message completely. The reason was that for some reason in our project at some point we had decided to remove the actual error message from our error.ftl and instead display the same generic error message for all errors.



> On 11 Mar 2016, at 12:16, Stian Thorgersen <sthorger at redhat.com> wrote:
> Unformatted error message will just return the key used to look up the actual error message. In this case the key is invalidCodeMessage. You can change what text is displayed for this key by creating a custom theme and adding a message bundle with a different value for that key. Messages should be changed this way, not by editing the template, so there's no need to pass the "unformatted message" to the ftl.
> One issue is that this specific key is used for a few different errors, including:
> * A user clicks on the link again after it has been completed
> * The link expires
> * A user spends too long trying to log in so the code is removed
> Ideally we'd have different keys for different scenarios, but it's hard to identify which is the problem: as the code has been removed, we're not actually sure what's going on.
> On 10 March 2016 at 14:58, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:
> hi,
> Somewhat related to https://issues.jboss.org/browse/KEYCLOAK-2125 (User Actions email link expires too early): when a user clicks on a ‘user action’ link and the token has expired we would like to show a specific error message to the user informing him/her of this. E.g. "We're sorry. The (temporary) token in the link you tried to access has expired. Please contact your administrator."
> Right now when a token (/user session) has expired and the user clicks on the user actions link in the email he/she sees the generic Keycloak account error screen: "We're sorry. An error occurred, please login again through your application.". The user now has no idea what went wrong and in our case cannot even log in again as the user has no password yet.
> If I am not mistaken currently this is not possible because the original error code is not passed on to the error page (error.ftl) from FreeMarkerLoginFormsProvider#createResponse because the rendered page is of type "ERROR" in which case the original (error) message (#getFirstMessageUnformatted()) is not added to the list of attributes for the FTL?
> Am I correct in this? If so does it make sense to create a feature request JIRA ticket for it?
> cheers
> Edgar
