PAS - Spring Security - Customizing OAUTH Exception messages

Posted by brianlafertewk on 28-Mar-2018 07:58

I am currently investigating using OAUTH security with PASOE.  I've got creation of JWT tokens and validation of tokens, including security using scopes working, and accessing the token properties in the ABL using client principal all working.

Now I'm trying to control the exceptions sent back when invalid tokens are sent in, or tokens are trying to get access to resources they don't have the scope for.  The default messages look something like:

{
"error": "insufficient_scope",
"error_description": "Insufficient scope for this resource",
"scope": "Admin"
}

Is there a way in PAS (or Spring) to control these responses?  The defaults return more information than I think should be given to the caller.   I checked oeablSecurity.properties and the Web Application Security section of the documentation, but don't see anything obvious.

Thanks,

Brian
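As an added example (not from this thread, and not a PASOE setting; the replies below say PASOE exposes no such hook), this is how a plain spring-security-oauth2 application (2.3.x API assumed) can shrink that error body with a custom WebResponseExceptionTranslator, wired in via OAuth2AuthenticationEntryPoint.setExceptionTranslator and OAuth2AccessDeniedHandler.setExceptionTranslator. The class name is my own; the library types are real.

```java
// Added example: trims the OAuth2 error body returned to the client so that the
// error_description and the required "scope" are no longer disclosed. Assumes the
// legacy spring-security-oauth2 2.3.x API; not PASOE configuration.
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;

public class MinimalOAuth2ExceptionTranslator
        implements WebResponseExceptionTranslator<OAuth2Exception> {

    // Reuse the library's own mapping so the HTTP status and cache headers stay correct.
    private final WebResponseExceptionTranslator<OAuth2Exception> delegate =
            new DefaultWebResponseExceptionTranslator();

    @Override
    public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
        ResponseEntity<OAuth2Exception> original = delegate.translate(e);
        OAuth2Exception cause = original.getBody();

        // Keep the standard "error" code (RFC 6750 clients key on it) but build a fresh
        // exception with a fixed description. InsufficientScopeException constructed
        // without a scope argument adds no "scope" entry, so neither the JSON body nor
        // the WWW-Authenticate header derived from it will name the required scope.
        OAuth2Exception minimal;
        if (cause instanceof InsufficientScopeException) {
            minimal = new InsufficientScopeException("insufficient scope");
        } else if (cause instanceof InvalidTokenException) {
            minimal = new InvalidTokenException("invalid token");
        } else {
            minimal = new OAuth2Exception("request denied"); // error code "invalid_request"
        }
        // Keep the full detail server-side only (e.g. log cause.getSummary() here);
        // never echo it back to the caller.

        HttpHeaders headers = new HttpHeaders();
        headers.putAll(original.getHeaders());
        return new ResponseEntity<>(minimal, headers, original.getStatusCode());
    }
}
```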


Posted by Santosh Behera on 28-Mar-2018 08:18

Hi Brian,

AFAIK we don't have any control over the responses. We pass on the messages to the client that we got from authorization server.

HTH

Posted by Irfan on 28-Mar-2018 11:57

Brian,

We do not have the option for limiting the responses from OAuth2 in PASOE yet. Can you please request an enhancement through Tech Support?
