clarifying audit comments

hoo29 · Jul 10, 2021 · 32216f8 · 32216f8
1 parent 03fb0d3
commit 32216f8
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/main/java/space/huws/apps/ClientRoleAuthenticator.java b/src/main/java/space/huws/apps/ClientRoleAuthenticator.java
@@ -48,9 +48,13 @@ public void authenticate(AuthenticationFlowContext context) {
              * defined case for ACCESS_DENIED and will return the default INVALID_USER_CREDENTIALS error to the browser, which
              * might be confusing for users as their credentials are valid.
              * 
+             * The audit event generated is also INVALID_USER_CREDENTIALS which is again not correct.
+             * 
              * We create our own error page to return a more accurate error.
              */
+
             context.getEvent().error(Errors.ACCESS_DENIED);
+
             final LoginFormsProvider forms = context.form();
             forms.setError(Messages.ACCESS_DENIED);
             final Response errorResponse = forms.createErrorPage(Response.Status.FORBIDDEN);