[keycloak-user] Custom message in authenticator script

Vagelis Savvas vagelis.savvas at gmail.com
Wed Dec 12 03:04:06 EST 2018


Thank you a lot Dmitry, that did the trick.

I had to add:

   context.resetFlow();

when my script fails the authentication because of invalid input on my extra
(but optional) input field.

If I didn't reset the flow then a valid username/password
but invalid input on my extra field would leave the flow
in a state where hitting the refresh browser button
would re-post and would cause the auth to succeed (because of the
valid username/password). Hope this sounds clear :-)

Cheers,
Vagelis

On 11/12/2018 20:49, Dmitry Telegin wrote:
> Hello Vagelis,
>
> You can use the following snippet:
>
> function myError(context) {
>      return context.form()
>              .setError("My i18n-ed custom message", []).createLogin();
> }
>
> function authenticate(context) {
>
>      ...
>
>      if (authShouldFail) {
>          var challengeResponse = myError(context);
> //        context.failure(AuthenticationFlowError.INVALID_USER);
>          context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challengeResponse);
>          return;
>      }
>
>      context.success();
>
> }
>
> Good luck,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Tue, 2018-12-11 at 17:45 +0200, Vagelis Savvas wrote:
>> Hello,
>> I have created a theme and extended the base login form with an extra
>> input field.
>> I've also created a Script Authenticator that checks the value of the
>> extra field and permits or not the authentication.
>> My authenticator script runs after the builtin 'Username Password form'
>> (Browser flow).
>> Now I would like to do two things when authentication fails because of
>> my script:
>>
>> 1. Use a custom i18n error message instead of showing one of the
>> messages of the builtin AuthenticationFlowError. Is there a way to do so?
>> 2. Stay on the login page and show the error message instead of being
>> sent to a 'We're sorry...' page with a link back to the login form.
>> For instance the builtin 'Username Password form' stays on the login
>> form with an error message when authentication fails which is nice and
>> clean.
>> Currently I fail the authentication with 'context.clearUser();
>> context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);'
>> but I've tried various methods from 'context' without achieving either 1
>> or 2 of my requirements.
>>
>> Cheers,
>> Vagelis


