Feature: More granular error codes for more granular handling
Description:
When a user authenticates to an application, they are redirected back to the application via the callback URL and sometimes the URL contains error information. For example:
This is fine, but we need an error code (probably in addition to access_denied) that is more specific about why access was denied.
Use-case:
We want to show an error description to the user that is specific to, for example, the not-an-org-member scenario but uses different wording than the error description in the URL. For example, rather than showing:
user okta|example|C00x48yvkflxrzI3PO4d6 is not part of the org_x24s789Co19fz0H
We want to show something like:
Ask an administrator of the organization to add you as a member or log out and log back into a different organization.
The problem is we can’t show our custom error message whenever error=access_denied because access_denied covers a broad array of errors. Likewise, we’d rather not try to determine if error_description is a specific value/pattern, because then we’re dependent on the English phrasing in the description, which may change at any time or may be a different language.
Is there a recommended solution for such a case? What I’d really like to see is some sort of finer-grained error code that is specific to the case of the user not being a member of the organization. That would allow us to key off of a stable error code rather than regexing on English phrasing.
Thank you for considering!
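An added example, not part of the original post and not the identity provider's code: a callback handler that confines the description-pattern workaround discussed above to one function and always renders fixed, app-owned text. The callback URL, the function names and the regular expression are assumptions built from the description quoted in the post.

```javascript
// Constructed sample callback URL using the description text quoted in the post.
const SAMPLE_CALLBACK =
  "https://app.example.com/callback?error=access_denied&error_description=" +
  encodeURIComponent(
    "user okta|example|C00x48yvkflxrzI3PO4d6 is not part of the org_x24s789Co19fz0H"
  );

// App-owned messages: the only strings ever shown to the user.
const MESSAGES = {
  not_org_member:
    "Ask an administrator of the organization to add you as a member " +
    "or log out and log back into a different organization.",
  access_denied: "Access was denied. Please try again or contact support.",
  unknown: "Sign-in failed. Please try again.",
};

// Assumed pattern: the single place that depends on the provider's English
// phrasing. If a stable error code becomes available, only this check changes.
const NOT_MEMBER = /^user \S+ is not part of the org_\w+$/;

// Returns null (no error), or one of the keys of MESSAGES.
function classifyCallbackError(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const error = params.get("error");
  if (error === null) return null;
  const description = (params.get("error_description") ?? "").trim();
  if (error === "access_denied") {
    // A reworded or translated description falls back to the generic case.
    return NOT_MEMBER.test(description) ? "not_org_member" : "access_denied";
  }
  return "unknown";
}

// The raw error_description is never rendered: it comes from the URL, so anyone
// can set it, and it carries internal user and organization identifiers.
function messageForCallback(callbackUrl) {
  const kind = classifyCallbackError(callbackUrl);
  return kind === null ? null : MESSAGES[kind];
}
```
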