From bdc242492185d5768f2349e54cac4475b29f1c1b Mon Sep 17 00:00:00 2001
From: Ali Hassan <97635301+alihdev@users.noreply.github.com>
Date: Tue, 3 Sep 2024 13:18:41 +0300
Subject: [PATCH] Add specific error codes for Authentication failures in
 OpenIddict TokenController.Password

---
 .../Abp/OpenIddict/Controllers/TokenController.Password.cs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index 470debf115..9a5c945003 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@@ -108,10 +108,13 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                     });
 
                     string errorDescription;
+                    string errorCode;
+                    
                     if (result.IsLockedOut)
                     {
                         Logger.LogInformation("Authentication failed for username: {username}, reason: locked out", request.Username);
                         errorDescription = "The user account has been locked out due to invalid login attempts. Please wait a while and try again.";
+                        errorCode = "account_locked"
                     }
                     else if (result.IsNotAllowed)
                     {
@@ -128,16 +131,18 @@ await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                         }
 
                         errorDescription = "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.";
+                        errorCode = "account_inactive"
                     }
                     else
                     {
                         Logger.LogInformation("Authentication failed for username: {username}, reason: invalid credentials", request.Username);
                         errorDescription = "Invalid username or password!";
+                        errorCode = OpenIddictConstants.Errors.InvalidGrant
                     }
 
                     var properties = new AuthenticationProperties(new Dictionary<string, string>
                     {
-                        [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
+                        [OpenIddictServerAspNetCoreConstants.Properties.Error] = errorCode,
                         [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = errorDescription
                     });