Hi Team,
I am using below API to login to user account whose account status is inactive(active = 0) in database , but error message I get is not correct
Database : snapshot
Tomcat log :
Message : {
“error”: “invalid_grant”,
“error_description”: “Bad credentials”
}
Instead it can be something like
{
“error”: “invalid_user”,
“error_description”: “Account not active”
}
Thanks
Shanur
Hi Shanur,
We don’t think it’s a good idea to reveal the reason why the login is unsuccessful. The same is in web UI: a user just get the message about invalid credentials.
Regards,
Konstantin
Hi ,
In our application when user register account will be inactive. We are sending email to verify the email address and on click of email link the account will get activated. In this case before verifying the email if user tried to login we need to tell the user that account is not active and verification is pending.
But If account is active and user enters wrong user name or password then we can tell Bad credentials.
Thanks
Shanur
You can override the LoginPasswordAuthenticationProvider bean and throw LoginException with appropriate message.
OK Thanks.