This repository has been archived by the owner on Dec 12, 2018. It is now read-only.

When logging in with OAuth, bad password results in "Invalid grant" as error #1336

Open
mraible opened this issue Jun 1, 2017 · 1 comment

Comments


mraible commented Jun 1, 2017

I'm using the Stormpath Angular SDK with Spring Boot Stormpath Starter version 2.0.0-okta-rc1. If I enter a bad password, the error message is "Invalid grant" rather than "Invalid username or password.".


You can reproduce this problem using HTTPie. The following will work.

```
http -f POST localhost:8080/oauth/token grant_type=password username=VALID_USERNAME password=CORRECT_PASSWORD
```

This does not:

```
http -f POST localhost:8080/oauth/token grant_type=password username=VALID_USERNAME password=BAD_PASSWORD
```

```
HTTP/1.1 400
Cache-Control: no-store, no-cache
Connection: close
Content-Length: 53
Content-Type: application/json;charset=ISO-8859-1
Date: Thu, 01 Jun 2017 14:58:09 GMT
Expires: 0
Pragma: no-cache
Set-Cookie: JSESSIONID=6A12DD8C7656A3BD4ADD9EEE5DBF6B02; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

{
    "error": "invalid_request",
    "message": "Invalid grant"
}
```

bdemers commented Jun 13, 2017

"Invalid grant" is the error message we receive back from Okta. To change this, we will need to handle this case specifically. We need to look into this a bit more and make sure that we only do this for user/password requests.
