From 897d72ba108989561f11ec47019dab8c1a132735 Mon Sep 17 00:00:00 2001
From: Nelson Vides <nelson.vides@erlang-solutions.com>
Date: Tue, 9 May 2023 12:36:39 +0200
Subject: [PATCH] Response to scram failures with a generic not-authorized

---
 src/sasl/cyrsasl_scram.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/sasl/cyrsasl_scram.erl b/src/sasl/cyrsasl_scram.erl
index 1798d5a28e4..b9cd3c52026 100644
--- a/src/sasl/cyrsasl_scram.erl
+++ b/src/sasl/cyrsasl_scram.erl
@@ -60,7 +60,8 @@ mech_step(State, ClientIn) ->
             Creds1 = mongoose_credentials:extend(Creds0, R),
             {ok, Creds1};
         {error, Reason, _} ->
-            {error, Reason}
+            ?LOG_INFO(#{what => scram_authentication_failed, reason => Reason}),
+            {error, <<"not-authorized">>}
     end.
 
 -spec get_scram_attributes(mongooseim:host_type(), jid:jid(), sha()) -> scram_att() | error().