quarkus: Allow quarkus-oidc to customize response body of 403
Description
When using quarkus-oidc, providing a wrong token (expired, wrong signature, realm, …) returns a forbidden status, as expected. However, the response body is always empty.
In order to migrate an existing API (which already defines its own response bodies), we would require from quarkus-oidc the possibility to customize and give more information in the response body.
For example, an expired token could produce this response body:
{
  "reason": "token_expired",
  "message": "Your token is expired."
}
About this issue
- State: closed
- Created 5 years ago
- Comments: 17 (16 by maintainers)
Commits related to this issue
- Allow to customize response body of 403 issued by HTTP policy closes: #5751 — committed to michalvavrik/quarkus by michalvavrik 2 years ago
- Allow to customize response body of 403 issued by HTTP policy closes: #5751 (cherry picked from commit 07a8803337f0ff4117a0dd0ce10ac71f0980eeb9) — committed to gsmet/quarkus by michalvavrik 2 years ago
#8570 may be the way to go as the JAX-RS users also want to catch the security exceptions with the exception mappers, see #9591