I have a AuthorizationServer which uses password grant_type using Spring Security. I am using this for a mobile application. When a user enters their username and password to log in, the app calls the token endpoint and generates a token, if they are an authenticated user. This is all handled by password grant_type itself. For an unsuccessful login, it returns below general error with 400 HTTP status code.
{
"error": "invalid_grant",
"error_description": "Bad credentials"
}
For my scenario I need to customize this error message. Is their a way to change this error message?
I tried the suggested duplicate question: Customize authentication failure response in Spring Security using AuthenticationFailureHandler, but it uses the formLogin and it's not working with my implementation.
I couldn't find an answer to this problem for many days. Finally, I got help from one of my colleagues. He asked me to follow this tutorial and it worked for me. Now I could transform the default spring framework response to my response template as follows.
{
"status": 400,
"message": "Invalid username or password",
"timestamp": "2020-06-19T10:58:29.973+00:00",
"payload": null
}
But still, we don't know, why authenticationFailure handler is not working. Hope this helps.