Hi @Frederic, to prevent detailed error codes from being returned and always show a generic error message, you can create an OAuth2 custom error technical profile in your custom policy. This technical profile allows you to define custom error codes and messages that will be returned to your application.
Here's a high-level overview of the steps you need to follow:
- Define an OAuth2 error technical profile.
- Set the error code and error message claims.
- Call the OAuth2 error technical profile from your user journey.
Hopefully this helps! Please let me know if you have any questions and I can help you further.
If this answer helps you, please mark "Accept Answer" so other users can reference it.
Thank you,
James
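The three steps above, written out as an added custom-policy fragment (this is an illustrative example, not code from the answer above or from Microsoft). It assumes the `errorCode` and `errorMessage` claim types are declared in the policy's `ClaimsSchema`, that the signing key container is named `B2C_1A_TokenSigningKeyContainer`, and that the generic message text, the orchestration step numbers and the technical profile names (`SetGenericError`, `ReturnOAuth2Error`) are placeholders to adapt to your own journey. The `CreateStringClaim` transformation is used only to populate the claims with fixed values, so the application never sees the underlying failure detail.

```xml
<!-- Added example: generic OAuth2 error returned from an Azure AD B2C custom policy.
     Names, key container and message text are assumptions for illustration. -->
<TrustFrameworkPolicy>
  <BuildingBlocks>
    <ClaimsSchema>
      <!-- Claims carried into the error technical profile. -->
      <ClaimType Id="errorCode">
        <DisplayName>Error code</DisplayName>
        <DataType>string</DataType>
      </ClaimType>
      <ClaimType Id="errorMessage">
        <DisplayName>Error message</DisplayName>
        <DataType>string</DataType>
      </ClaimType>
    </ClaimsSchema>
    <ClaimsTransformations>
      <!-- Fixed values: the same generic code and message are used regardless of the real cause. -->
      <ClaimsTransformation Id="CreateGenericErrorCode" TransformationMethod="CreateStringClaim">
        <InputParameters>
          <InputParameter Id="value" DataType="string" Value="access_denied" />
        </InputParameters>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="errorCode" TransformationClaimType="createdClaim" />
        </OutputClaims>
      </ClaimsTransformation>
      <ClaimsTransformation Id="CreateGenericErrorMessage" TransformationMethod="CreateStringClaim">
        <InputParameters>
          <InputParameter Id="value" DataType="string" Value="Sign-in could not be completed. Please try again later." />
        </InputParameters>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="errorMessage" TransformationClaimType="createdClaim" />
        </OutputClaims>
      </ClaimsTransformation>
    </ClaimsTransformations>
  </BuildingBlocks>
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Generic error handling</DisplayName>
      <TechnicalProfiles>
        <!-- Step 2: set the error code and error message claims. -->
        <TechnicalProfile Id="SetGenericError">
          <DisplayName>Set generic error claims</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="errorCode" />
            <OutputClaim ClaimTypeReferenceId="errorMessage" />
          </OutputClaims>
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CreateGenericErrorCode" />
            <OutputClaimsTransformation ReferenceId="CreateGenericErrorMessage" />
          </OutputClaimsTransformations>
        </TechnicalProfile>
        <!-- Step 1: the OAuth2 error technical profile that returns the claims to the application. -->
        <TechnicalProfile Id="ReturnOAuth2Error">
          <DisplayName>Return OAuth2 error</DisplayName>
          <Protocol Name="OAuth2" />
          <OutputTokenFormat>JWT</OutputTokenFormat>
          <CryptographicKeys>
            <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
          </CryptographicKeys>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="errorCode" />
            <InputClaim ClaimTypeReferenceId="errorMessage" />
          </InputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <UserJourneys>
    <UserJourney Id="SignInWithGenericError">
      <OrchestrationSteps>
        <!-- ... earlier sign-in steps of your journey go here (step numbers are placeholders) ... -->
        <!-- Step 3: populate the generic claims, then hand them to the error technical profile. -->
        <OrchestrationStep Order="5" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="SetGenericErrorExchange" TechnicalProfileReferenceId="SetGenericError" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="6" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="ReturnOAuth2Error" />
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
</TrustFrameworkPolicy>
```

In a real policy you would guard the two error steps with `Preconditions` so they run only on the failure path (for example, skipping them when the claims that a successful sign-in produces already exist) and let the normal `JwtIssuer` step handle the success path; the fragment keeps the detailed cause out of the response entirely because the only values reaching `ReturnOAuth2Error` are the constants set by the transformations.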