diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 667670fbdb5..9ea9a39d28e 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -199,7 +199,7 @@ def authorize
 unless authenticate
 count_login_failure
- render_error('unauthorized', :status => :unauthorized, :locals => { :user_login => @available_sso.try(:user) })
+ render_error('unauthorized', status: :unauthorized, locals: { user_login: @available_sso.try(:user), message: _(@available_sso.failed_authentication_message)})
 return false
 end
diff --git a/app/services/sso/jwt.rb b/app/services/sso/jwt.rb
index f85f6deb337..71d447a8994 100644
--- a/app/services/sso/jwt.rb
+++ b/app/services/sso/jwt.rb
@@ -1,6 +1,7 @@
 module SSO
 class Jwt < Base
 attr_reader :current_user
+ attr_reader :failed_authentication_message
 def available?
 controller.api_request? && bearer_token_set? && no_issuer?
@@ -19,10 +20,12 @@ def authenticate!
 @current_user = user
 user&.login
 rescue JWT::ExpiredSignature
- Rails.logger.warn "JWT SSO: Expired JWT token."
+ @failed_authentication_message = "JWT SSO: Expired JWT token."
+ Rails.logger.warn @failed_authentication_message
 nil
 rescue JWT::DecodeError
- Rails.logger.warn "JWT SSO: Failed to decode JWT."
+ @failed_authentication_message = "JWT SSO: Failed to decode JWT."
+ Rails.logger.warn @failed_authentication_message
 nil
 end
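Review bot: In `authorize`, the new `message:` local calls `@available_sso.failed_authentication_message` directly, while the same line reads the user through `@available_sso.try(:user)`, which suggests `@available_sso` can be nil or an SSO strategy other than `SSO::Jwt`. Only `SSO::Jwt` gains the reader in this commit (unless `SSO::Base` defines it outside this diff), so a failed login on another path would presumably raise NoMethodError and answer with a 500 instead of the 401. `_()` is also handed nil whenever no message was recorded. I would read it defensively, `msg = @available_sso.try(:failed_authentication_message)`, and pass `message: (msg ? _(msg) : nil)`. The body of `authorize` continues past the end of the hunk.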
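Review bot: In `authenticate!`, `@failed_authentication_message` is assigned only in the two rescue branches, so a token that decodes but matches no user leaves it nil and the controller then passes nil to `_()`. The same string now serves both as the log line and as text returned to an unauthenticated client; keeping the two separate would let the log gain detail later without that detail reaching the 401 response. Because the controller translates the value with `_()` on a variable, the literals should be marked for extraction where they are defined, e.g. `@failed_authentication_message = N_("JWT SSO: Expired JWT token.")`. The start of `authenticate!` lies outside the hunk.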