Wrong error message for login API if account is not active

Hi Team,

I am using the below API to log in to a user account whose account status is inactive (active = 0) in the database, but the error message I get is not correct.


Database : snapshot

Tomcat log :

Message : {
"error": "invalid_grant",
"error_description": "Bad credentials"
}

Instead it can be something like
"error": "invalid_user",
"error_description": "Account not active"


Hi Shanur,

We don’t think it’s a good idea to reveal the reason why the login is unsuccessful. The same is in the web UI: a user just gets the message about invalid credentials.


Hi,

In our application, when a user registers, the account will be inactive. We are sending an email to verify the email address, and on click of the email link the account will get activated. In this case, if the user tries to log in before verifying the email, we need to tell the user that the account is not active and verification is pending.

But if the account is active and the user enters a wrong user name or password, then we can tell Bad credentials.


You can override the LoginPasswordAuthenticationProvider bean and throw LoginException with an appropriate message.

OK Thanks.
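
One way to reconcile the two positions in this thread, as an added example that is not part of the thread and not the platform's own code: return "Account not active" only after the password has been verified, so a caller who does not know the password gets "Bad credentials" for inactive, active and unknown accounts alike. The user store, field names and the `login` function are assumptions made for illustration; the two error bodies are the ones quoted above.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password: str, active: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "active": active}

# Constructed sample store (hypothetical schema, not the platform's tables).
USERS = {
    "alice": _user("correct-horse", active=True),
    "bob": _user("battery-staple", active=False),  # registered, e-mail not yet verified
}
# Dummy record so an unknown login costs the same hashing work as a known one.
_DUMMY = _user("unused", active=False)

BAD_CREDENTIALS = {"error": "invalid_grant", "error_description": "Bad credentials"}
NOT_ACTIVE = {"error": "invalid_user", "error_description": "Account not active"}

def login(username: str, password: str) -> dict:
    record = USERS.get(username)
    candidate = record or _DUMMY
    password_ok = hmac.compare_digest(
        _hash(password, candidate["salt"]), candidate["hash"]
    )
    # Unknown user or wrong password: the generic answer, whatever the account state.
    if record is None or not password_ok:
        return BAD_CREDENTIALS
    # Only a caller who has proved knowledge of the password learns the status.
    if not record["active"]:
        return NOT_ACTIVE
    return {"access_token": os.urandom(16).hex()}
```

With this ordering the status message cannot be used to test which logins exist or are pending activation, because it is never returned without the correct password.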