jaredhanson / oauth2orize

OAuth 2.0 authorization server toolkit for Node.js.
https://www.oauth2orize.org?utm_source=github&utm_medium=referral&utm_campaign=oauth2orize
MIT License
3.47k stars, 469 forks

Returning message with redirect_uri #133

Open kitlee opened 9 years ago

kitlee commented 9 years ago

I have successfully implemented an OAuth2 server in my application, I am trying to return the failure message to the user, such as 'Incorrect username/password', my local strategy looks like this now:

var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(function(username, password, callback){
    User.login(username, password, function (err, user, response) {
        if (err) {
            callback(err); // unexpected error (database etc.)
        } else {
            if (user) {
                callback(null, user); // credentials accepted
            } else {
                callback(response.message); // this is the failure message 'Incorrect username/password'
            }
        }
    });
}));

With this implementation, I can show the message to users in the very simple, clean and clear webpage.

Can I pass the message to the client's redirect_uri? Something like: http://OAuth2Client.com/auth/OAuth2Provider/callback?message=Incorrect%20username%2Fpassword

paroga commented 9 years ago

Use the server.errorHandler({ mode: 'indirect' }) middleware in combination with new AuthorizationError(...).

kitlee commented 9 years ago

Thank you for the suggestion. I can display the correct error message to the user now, but it may not be exactly what I expected.

var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var oauth2orize = require('oauth2orize');

passport.use(new LocalStrategy(function(username, password, callback){
    User.login(username, password, function (err, user, response) {
        if (err) {
            callback(err); // unexpected error (database etc.)
        } else {
            if (user) {
                callback(null, user); // credentials accepted
            } else {
                // AuthorizationError(message, code, uri, status)
                var authErr = new oauth2orize.AuthorizationError(response.message, null, null, response.statusCode);
                callback(authErr); // this is the failure message 'Incorrect username/password'
            }
        }
    });
}));

With this implementation, when I entered an incorrect username or password, I got:

AuthorizationError: Incorrect username or password
  [error stacks]
  ...

But it happened on the OAuth2 provider site. Can I return the error message to the OAuth2 consumers and let them decide how to display the message?

Also, could I prevent the error stacks from being exposed to users?

kitlee commented 9 years ago

Error stacks are hidden with server.errorHandler(), that is, direct mode.
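The following is an added illustration, not code from oauth2orize or from anyone in this thread, of what paroga's suggestion (server.errorHandler({ mode: 'indirect' }) plus an AuthorizationError) produces and why it answers both of kitlee's follow-up questions: the error goes back to the consumer on its registered redirect_uri as the RFC 6749 error / error_description / state query parameters, and only those fields leave the server, never the stack. The AuthorizationError class below is a stand-in assumed to have the same four-argument shape (message, code, uri, status) as the library's; indirectErrorLocation and directErrorBody are hypothetical helpers modelling the two errorHandler modes, and the client URL and state value are constructed sample data.

```javascript
'use strict';

// Stand-in for oauth2orize.AuthorizationError(message, code, uri, status).
// Assumption: same argument order as the real class; missing code falls back
// to RFC 6749's generic 'server_error'.
class AuthorizationError extends Error {
  constructor(message, code, uri, status) {
    super(message);
    this.name = 'AuthorizationError';
    this.code = code || 'server_error';
    this.uri = uri;
    this.status = status || 500;
  }
}

// Model of indirect mode: redirect the error to the client.
// redirectURI must already be the client's registered, validated redirect_uri
// (oauth2orize only fills req.oauth2.redirectURI after the authorization
// middleware has checked the client), otherwise the handler would be an open
// redirector. Only error, error_description, error_uri and state are added to
// the query string; err.stack is never consulted.
function indirectErrorLocation(err, redirectURI, state) {
  if (!redirectURI) {
    return null; // no validated target: caller falls back to direct mode
  }
  const location = new URL(redirectURI);
  location.searchParams.set('error', err.code || 'server_error');
  if (err.message) location.searchParams.set('error_description', err.message);
  if (err.uri) location.searchParams.set('error_uri', err.uri);
  if (state) location.searchParams.set('state', state); // lets the client match the response to its request
  return location.toString();
}

// Model of direct mode: JSON error body rendered on the provider, no stack.
function directErrorBody(err) {
  const body = { error: err.code || 'server_error' };
  if (err.message) body.error_description = err.message;
  if (err.uri) body.error_uri = err.uri;
  return { status: err.status >= 400 ? err.status : 500, body };
}

// Constructed sample: a failed login during the authorization step.
// 'access_denied' is the RFC 6749 section 4.1.2.1 code for a resource owner
// who did not (or could not) authorize the request, a closer fit than the
// default 'server_error' for a wrong username/password.
const loginFailure = new AuthorizationError(
  'Incorrect username or password', 'access_denied', null, 403);

const sampleRedirect = 'https://client.example/auth/provider/callback?foo=1'; // constructed
const sampleState = 'xyz123'; // constructed

const location = indirectErrorLocation(loginFailure, sampleRedirect, sampleState);
// location is
// https://client.example/auth/provider/callback?foo=1&error=access_denied&error_description=Incorrect+username+or+password&state=xyz123
console.log(location);
console.log(JSON.stringify(directErrorBody(loginFailure)));
```

The client's callback handler then reads `error` and `error_description` from its own query string and decides how to present them, which is the split kitlee asked for: the provider decides what is safe to disclose (a short description, no stack), the consumer decides how to display it. Keep the description generic ("Incorrect username or password") rather than stating which of the two was wrong, since the redirect lands in a third-party application's logs.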