Cumulocity IoT Feedback Portal
Status Planning / planned
Created by Florian Huber
Created on Mar 7, 2022

OAuth2 authorization response should properly handle error information

Hi,

When using an external OAuth2 authorization server in Cumulocity, the authorization server may deny access or fail the authorization request for whatever reason. In this case, according to RFC 6479, the authorization server will redirect the user to the client, here the Cumulocity tenant, and is allowed to add additional query parameters in the redirect URL. See RFC 6479, section 4.1.


Currently, Cumulocity just shows a generic error, as a non-formatted JSON string in the browser window:

{"error": "general/internalError", "message": "Invalid request - check rest method type.", ...}


It would be great if the Cumulocity tenant properly processes the error information added in the query arguments and displays the error information on a proper error page.


Thanks,

Florian
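
The handling requested above, as an added example that is not part of the original post and not Cumulocity code: a client callback that reads the `error`, `error_description`, `error_uri` and `state` query parameters of an OAuth 2.0 authorization error response (RFC 6749, section 4.1.2.1) and renders them as an error page. Every one of these values arrives in a URL that anyone can construct, so the example allowlists the error code, escapes all output and checks `state`. The function names, tenant host, callback path and page markup are assumptions.

```javascript
// Added example: function names, the sample URL and the markup are assumptions.
const KNOWN_ERRORS = new Set(['invalid_request', 'unauthorized_client', 'access_denied',
  'unsupported_response_type', 'invalid_scope', 'server_error', 'temporarily_unavailable']);

const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Returns null when the redirect carries no error, otherwise a normalized error object.
function parseAuthError(redirectUrl, expectedState) {
  const params = new URL(redirectUrl).searchParams;
  const code = params.get('error');
  if (code === null) return null;
  // Unknown codes are not echoed back; extension codes need an explicit allowlist entry.
  const error = KNOWN_ERRORS.has(code) ? code : 'unknown_error';
  // error_description is free text: strip control characters and cap the length.
  const description = (params.get('error_description') || '')
    .replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, 300);
  // Only link to error_uri when it parses as an absolute https URL.
  let uri = null;
  try {
    const u = new URL(params.get('error_uri') || '');
    if (u.protocol === 'https:') uri = u.href;
  } catch (_) { /* missing or malformed: no link */ }
  // A state mismatch means this redirect does not answer a request the session started.
  const stateMatches = params.get('state') === expectedState;
  return { error, description, uri, stateMatches };
}

function renderErrorPage(err) {
  // Details from a redirect with a foreign state are not displayed.
  if (!err.stateMatches) return '<h1>Login failed</h1><p>Unexpected authorization response.</p>';
  const link = err.uri
    ? `<p><a rel="noopener noreferrer" href="${escapeHtml(err.uri)}">More information</a></p>`
    : '';
  return `<h1>Login failed</h1><p>Error: <code>${escapeHtml(err.error)}</code></p>` +
    `<p>${escapeHtml(err.description)}</p>${link}`;
}

// Constructed sample redirect (hypothetical tenant host and callback path).
const SAMPLE = 'https://tenant.example.com/callback?error=access_denied' +
  '&error_description=' + encodeURIComponent('User <b>denied</b> access') + '&state=abc123';
```
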


