wso2 / product-is


EmailOTP Authenticator returning generic error for expired OTPs #15541

Closed Pratheesha97 closed 1 year ago

Pratheesha97 commented 1 year ago

Issue Description

EmailOTP Authenticator returns generic error "authentication.fail.message" for expired OTPs [1] whereas SMSOTP authenticator checks and returns "token.expired" for expired OTPs [2].

[1] - https://github.com/wso2-extensions/identity-outbound-auth-email-otp/blob/v3.0.25/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.java#L983-L998

[2] - https://github.com/wso2-extensions/identity-outbound-auth-sms-otp/blob/v3.1.9/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/smsotp/SMSOTPAuthenticator.java#L692-L731

Steps to Reproduce

  1. Configure EMAIL OTP and add it to an SP as an MFA option [3].

  2. Configure SMS OTP and add it to an SP as an MFA option [4][5].

  3. In addition to the EmailOTP and SMSOTP configurations, add the following configuration to the deployment.toml so that it displays the value of the 'authFailureMsg' passed in the payload.

```toml
[authentication.authenticator.email_otp.parameters]
showAuthFailureReason = true

[authentication.authenticator.sms_otp.parameters]
showAuthFailureReason = true
```

  4. Log in to the Service Provider, submit an expired OTP to the SMSOTP and EmailOTP authenticators and observe the error message passed in the payload.

[3] - https://is.docs.wso2.com/en/5.10.0/learn/configuring-email-otp/?=[^@]*?@#configure-the-email-otp-provider

[4] - https://is.docs.wso2.com/en/5.10.0/learn/configuring-sms-otp/

[5] - https://is.docs.wso2.com/en/5.10.0/learn/configuring-multifactor-authentication/#enable-smsotp

Product: wso2is-5.10.0

Related Git Issues: wso2/product-is#15525
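An added illustration of the behaviour the issue asks for, not code from the WSO2 authenticators: a minimal validator that reports `token.expired` only for a correct but expired OTP and `authentication.fail.message` for every other failure. The class and method names, the check order, the 5-minute validity and the sample values are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical demo class; none of these names exist in the WSO2 code base.
public class OtpFailureReasonDemo {

    // Message keys quoted in the issue description.
    static final String GENERIC_FAILURE = "authentication.fail.message";
    static final String TOKEN_EXPIRED = "token.expired";

    // Returns null when the OTP is accepted, otherwise the failure-reason key.
    static String validate(String submitted, String issued,
                           long issuedAtMs, long validityMs, long nowMs) {
        if (submitted == null || issued == null) {
            return GENERIC_FAILURE;
        }
        // MessageDigest.isEqual avoids an early-exit comparison of the code.
        boolean matches = MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                issued.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            // A wrong code gets the generic reason even after expiry, so the
            // expiry-specific message is never shown for a guessed value.
            return GENERIC_FAILURE;
        }
        if (nowMs - issuedAtMs > validityMs) {
            return TOKEN_EXPIRED;
        }
        return null;
    }

    public static void main(String[] args) {
        String otp = "483920";              // constructed sample OTP
        long issuedAt = 1_000_000L;         // constructed issue time (ms)
        long validity = 5 * 60 * 1000L;     // assumed 5-minute validity
        long inWindow = issuedAt + 60_000L;
        long afterExpiry = issuedAt + validity + 1;

        // Correct code inside the validity window.
        System.out.println(validate("483920", otp, issuedAt, validity, inWindow));
        // Correct code after the validity window.
        System.out.println(validate("483920", otp, issuedAt, validity, afterExpiry));
        // Wrong code inside the validity window.
        System.out.println(validate("000000", otp, issuedAt, validity, inWindow));
        // Wrong code after the validity window.
        System.out.println(validate("000000", otp, issuedAt, validity, afterExpiry));
    }
}
```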

melanisilva commented 1 year ago

Closing this since the issue is fixed. Feel free to reopen if there are any concerns.