[keycloak-user] Differnentiate Login Error for Disabled Account (Version 3.4.3 Final)
Patrick Bucher
patrick.bucher at peax.ch
Thu Aug 30 11:35:25 EDT 2018
When a disabled user tries to login, he gets an error 400 Bad Request (error: "invalid_grant", error_description: "Account disabled"). However, in my project, there are multiple reasons for a user to be disabled, which are distinguishable by certain attributes I set to the user.
My goal is to create a Keycloak extension to customize the response based on those attributes, so that a different error message can be shown to the user. Providing a different value error_description would be a solution.
My question is: Is it possible to intercept that error message before it is sent to the client, and if so, what kind of SPI do I need to write to handle that?
I am using Keycloak version 3.4.3 Final.
Regards,
Patrick Bucher
More information about the keycloak-user
mailing list