errorDescription in context.SetError() not shown in response body

Found in

EPiServer.ContentDeliveryApi 1.0.1

Fixed in

EPiServer.ContentDeliveryApi 2.1.0

Created

Jul 20, 2018

Updated

Oct 30, 2018

State

Closed, Fixed and tested


Description

Steps to reproduce:

Step to reproduce:

  1. Send POST request to create an access token using a wrong user/password.

Expected:
Response body shows both "error" and "error_description" like below:

    "error": "invalid_grant",
    "error_description": "Invalid user ID or password"

Actual:
Return error code 400 without error_description in response body:

    "error": "invalid_grant"

Observed in code: context.SetError(OAuthErrors.InvalidGrant, "Invalid user ID or password'");

Note: Similar issue might happen in more scenarios as context.SetError() are called in different places with both parameters 'error' and 'errorDescription' but the message text of 'errorDescription' is not shown in response body.