Wrong error message for login API if account is not active

Hi Team,

I am using the API below to log in to a user account whose status is inactive (active = 0) in the database, but the error message I get is not correct.

[image]

Database snapshot:
[image]

Tomcat log:
[image]

Message:
{
    "error": "invalid_grant",
    "error_description": "Bad credentials"
}

Instead it could be something like:
{
    "error": "invalid_user",
    "error_description": "Account not active"
}

Thanks
Shanur

Hi Shanur,

We don't think it's a good idea to reveal the reason why the login is unsuccessful. The same applies in the web UI: a user just gets the message about invalid credentials.

Regards,
Konstantin

Hi,

In our application, when a user registers, the account will be inactive. We send an email to verify the email address, and on clicking the email link the account gets activated. In this case, if the user tries to log in before verifying the email, we need to tell the user that the account is not active and verification is pending.

But if the account is active and the user enters a wrong user name or password, then we can say Bad credentials.

Thanks
Shanur

You can override the LoginPasswordAuthenticationProvider bean and throw a LoginException with an appropriate message.
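As an added illustration of the suggestion above (this is example code written for this thread, not code from the CUBA Platform or from either poster), a subclass of LoginPasswordAuthenticationProvider that reports "Account not active" only after the submitted password has been verified. That ordering keeps the property Konstantin describes: a wrong password, for any login, still yields the generic invalid-credentials answer, so the response cannot be used to tell registered-but-unverified logins apart from unknown ones. The names loadUser, checkUserCredentials, the protected messages field and the (Persistence, Messages) constructor are assumed from the CUBA 7 AbstractAuthenticationProvider / LoginPasswordAuthenticationProvider sources and should be checked against the platform version in use; the message key accountNotActive, the package name and the class name are hypothetical.

```java
package com.company.app.core.security; // hypothetical package

import com.haulmont.cuba.core.Persistence;
import com.haulmont.cuba.core.global.Messages;
import com.haulmont.cuba.security.auth.AuthenticationDetails;
import com.haulmont.cuba.security.auth.Credentials;
import com.haulmont.cuba.security.auth.LoginPasswordAuthenticationProvider;
import com.haulmont.cuba.security.auth.LoginPasswordCredentials;
import com.haulmont.cuba.security.entity.User;
import com.haulmont.cuba.security.global.LoginException;

import javax.inject.Inject;
import java.util.Locale;

/**
 * Replaces the platform provider so that an inactive (not yet verified) account
 * gets a dedicated error, but only once the password has been checked.
 *
 * Register it in the core module's spring.xml under the platform bean id
 * (bean id assumed to be LoginPasswordAuthenticationProvider.NAME):
 *
 *   <bean id="cuba_LoginPasswordAuthenticationProvider"
 *         class="com.company.app.core.security.VerifiedAccountAuthenticationProvider"/>
 *
 * and add to the main message pack (key is hypothetical):
 *
 *   accountNotActive = Account not active: email verification is pending
 */
public class VerifiedAccountAuthenticationProvider extends LoginPasswordAuthenticationProvider {

    @Inject
    public VerifiedAccountAuthenticationProvider(Persistence persistence, Messages messages) {
        super(persistence, messages); // constructor signature assumed from the platform class
    }

    @Override
    public AuthenticationDetails authenticate(Credentials credentials) throws LoginException {
        if (credentials instanceof LoginPasswordCredentials) {
            LoginPasswordCredentials lp = (LoginPasswordCredentials) credentials;
            Locale locale = lp.getLocale() != null
                    ? lp.getLocale()
                    : messages.getTools().getDefaultLocale();

            // loadUser() is assumed to be the protected lookup inherited from
            // AbstractAuthenticationProvider; it returns null for an unknown login.
            User user = loadUser(lp.getLogin());

            if (user != null && !Boolean.TRUE.equals(user.getActive())) {
                // Verify the password FIRST. For a wrong password this throws the
                // platform's generic "Bad credentials" LoginException, so an attacker
                // cannot learn that the login exists (checkUserCredentials signature
                // assumed from the platform class).
                checkUserCredentials(user, lp.getPassword(), locale);

                // Password matched but the account is still unverified: now it is
                // safe to tell the legitimate user why the login failed.
                throw new LoginException(messages.getMainMessage("accountNotActive", locale));
            }
        }

        // Active accounts and unknown logins take the unchanged platform path,
        // which keeps the generic invalid-credentials message for both.
        return super.authenticate(credentials);
    }
}
```

With this in place the REST login for an unverified account with the correct password returns the accountNotActive text in error_description, while a wrong password for the same account, or any password for a login that does not exist, keeps returning "Bad credentials" exactly as before.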

OK Thanks.