I am currently investigating using OAUTH security with PASOE. I've got creation of JWT tokens and validation of tokens, including security using scopes working, and accessing the token properties in the ABL using client principal all working.
Now I'm trying to control the exceptions sent back when invalid tokens are sent in, or tokens are trying to get access to resources they don't have the scope for. The default messages look something like:
{
  "error": "insufficient_scope",
  "error_description": "Insufficient scope for this resource",
  "scope": "Admin"
}
Is there a way in PAS (or Spring) to control these responses? The defaults return more information than I think should be given to the caller. I checked oeablSecurity.properties and the Web Application Security section of the documentation, but don't see anything obvious.
Thanks,
Brian
Hi Brian,
AFAIK we don't have any control over the responses. We pass on the messages to the client that we got from authorization server.
HTH
Brian,
We do not have the option for limiting the responses from OAuth2 in PASOE yet. Can you please request an enhancement through Tech Support.