LG-227 Improve OIDC token code error message #2133
Conversation
config/locales/openid_connect/fr.yml
Outdated
| invalid_code: code non valide | ||
| invalid_code: est non valide soit parce qu'il est périmé, soit parce qu'il | ||
| ne correspond à aucun utilisateur. Veuillez consultez notre documentation | ||
| à https://developers.login.gov/oidc/#token |
There was a problem hiding this comment.
Note that this endpoint is only called by agency applications, not by users, so it is very unlikely they are passing in any language parameters. In other words, I don't think this needs to be translated, but I updated the French string because I know French. If someone wants to provide the Spanish string in a timely manner, then I can update it. Otherwise, this should not hold up this PR.
monfresh
force-pushed
the
mb-lg-227-oidc-error-message
branch
from
e99f22b to
07c7b13
Compare
|
@jgsmith-usds See my hidden comment above: #2133 (review) |
|
Maybe:
It reads okay to me. But I agree that it's low priority since this is aimed at developers of federal web applications. |
**Why**: Some agency developers have been sending requests to our OIDC token endpoint with an invalid code, and received a generic "Code invalid code" error message. **How**: Explain why the code is invalid and point developers to our documentation.
monfresh
force-pushed
the
mb-lg-227-oidc-error-message
branch
from
07c7b13 to
868ee86
Compare
Why: Some agency developers have been sending requests to our
OIDC token endpoint with an invalid code, and received a generic
"Code invalid code" error message.
How: Explain why the code is invalid and point developers to
our documentation.
Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
For DB changes, check for missing indexes, check to see if the changes
affect other apps (such as the dashboard), make sure the DB columns in the
various environments are properly populated, coordinate with devops, plan
migrations in separate steps.
For route changes, make sure GET requests don't change state or result in
destructive behavior. GET requests should only result in information being
read, not written.
For encryption changes, make sure it is compatible with data that was
encrypted with the old code.
For secrets changes, make sure to update the S3 secrets bucket with the
new configs in all environments.
Do not disable Rubocop or Reek offenses unless you are absolutely sure
they are false positives. If you're not sure how to fix the offense, please
ask a teammate.
When reading data, write tests for nil values, empty strings,
and invalid formats.
When calling
redirect_toin a controller, use_url, not_path.When adding user data to the session, use the
user_sessionhelperinstead of the
sessionhelper so the data does not persist beyond the user'ssession.
When adding a new controller that requires the user to be fully
authenticated, make sure to add
before_action :confirm_two_factor_authenticated.