Provide a handled response for inactive users logging in
End-user Management 

When a deactivated user tries to log in through the built-in login provider (not sure about external), an unspecific exception is thrown with the message "Login failed". It would be a lot more useful if the login actually returns a reason for invalid login (just like UserLoginFailureReason: InvalidCredentials or TooManyFailedLoginAttempts).

This would help in knowing when we need to contact the users API for ODC in order to be able to reactivate or at least provide the user with a clear message.



Your idea is good because developers and support teams can identify problems without unnecessary troubleshooting. If an account is disabled, the system can guide a resolution instead of confusing the user. 

But I think some security problems can arise if the user tries to estimate the valid usernames of the attackers and reveal the causes of specific errors. If the external certification provider (e.g. OAuth, SAML) does not provide detailed, this solution cannot continuously function in all login methods.

Thanks,

Sriyamini J