Currently when we POST /oauth/token.json and we get something other than a 200 response, we show a generic "Incorrect username or password" error, but there are other reasons authentication might fail, like suspension or failure to confirm their email address, so instead of the current message, let's show the error_description in the JSON response.
[ ] Try to submit the locale parameter in the POST request so the response can be localized (if the app is already including the Accept-Language header I think that will suffice)
[ ] When the response to POST /oauth/token.json is not success, read the JSON in the body and populate the body of the alert with the value of the error_description attribute (which the server should localize according to the locale in the request body)
alexshepard
commented
1 year ago
Currently when we
POST /oauth/token.jsonand we get something other than a 200 response, we show a generic "Incorrect username or password" error, but there are other reasons authentication might fail, like suspension or failure to confirm their email address, so instead of the current message, let's show theerror_descriptionin the JSON response.localeparameter in the POST request so the response can be localized (if the app is already including theAccept-Languageheader I think that will suffice)POST /oauth/token.jsonis not success, read the JSON in the body and populate the body of the alert with the value of theerror_descriptionattribute (which the server should localize according to thelocalein the request body)Follow-up to #631