Exclude username in password grant error message using OAuth config

wso2-extensions · Dec 5, 2024 · 7f869f2 · 7f869f2
1 parent 654bc26
commit 7f869f2
Showing 1 changed file with 3 additions and 11 deletions.
diff --git a/.../main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java b/.../main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.java
@@ -388,16 +388,8 @@ private AuthenticatedUser validateUserCredentials(OAuth2AccessTokenReqDTO tokenR
             if (isPublishPasswordGrantLoginEnabled) {
                 publishAuthenticationData(tokenReq, false, serviceProvider);
             }
-            if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equalsIgnoreCase(MultitenantUtils.getTenantDomain
-                    (tokenReq.getResourceOwnerUsername()))) {
-                throw new IdentityOAuth2Exception("Authentication failed for " + tenantAwareUserName);
-            }
-            username = tokenReq.getResourceOwnerUsername();
-            if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
-                // For tenant qualified urls, no need to send fully qualified username in response.
-                username = tenantAwareUserName;
-            }
-            throw new IdentityOAuth2Exception("Authentication failed for " + username);
+
+            throw new IdentityOAuth2Exception("Authentication failed");
         } catch (UserStoreClientException e) {
             if (isPublishPasswordGrantLoginEnabled) {
                 publishAuthenticationData(tokenReq, false, serviceProvider);
@@ -435,7 +427,7 @@ private AuthenticatedUser validateUserCredentials(OAuth2AccessTokenReqDTO tokenR
             if (log.isDebugEnabled()) {
                 log.debug(message, e);
             }
-            throw new IdentityOAuth2Exception(message);
+            throw new IdentityOAuth2Exception("Authentication failed");
         } finally {
             UserCoreUtil.removeUserMgtContextInThreadLocal();
             if (log.isDebugEnabled()) {