brianlafertewk
Guest
I am currently investigating using OAuth security with PASOE. I've got creation of JWT tokens and validation of tokens, including security using scopes, working, and accessing the token properties in the ABL using client principal all working.

Now I'm trying to control the exceptions sent back when invalid tokens are sent in, or tokens are trying to get access to resources they don't have the scope for. The default messages look something like:

{
  "error": "insufficient_scope",
  "error_description": "Insufficient scope for this resource",
  "scope": "Admin"
}

Is there a way in PAS (or Spring) to control these responses? The defaults return more information than I think should be given to the caller. I checked oeablSecurity.properties and the Web Application Security section of the documentation, but don't see anything obvious.

Thanks,
Brian