Removed detailed errors

restapi/errors.go

@@ -30,7 +30,6 @@ import (
 var (
 	ErrDefault                          = errors.New("an error occurred, please try again")
 	ErrInvalidLogin                     = errors.New("invalid Login")
-	ErrUnauthorized                     = errors.New("401 Unauthorized - please check logs")
 	ErrForbidden                        = errors.New("403 Forbidden")
 	ErrBadRequest                       = errors.New("400 Bad Request")
 	ErrFileTooLarge                     = errors.New("413 File too Large")
@@ -54,6 +53,7 @@ var (
 	ErrAvoidSelfAccountDelete           = errors.New("logged in user cannot be deleted by itself")
 	ErrAccessDenied                     = errors.New("access denied")
 	ErrOauth2Provider                   = errors.New("unable to contact configured identity provider")
+	ErrOauth2Login                      = errors.New("unable to login using configured identity provider")
 	ErrNonUniqueAccessKey               = errors.New("access key already in use")
 	ErrRemoteTierExists                 = errors.New("specified remote tier already exists")
 	ErrRemoteTierNotFound               = errors.New("specified remote tier was not found")

restapi/user_login.go

@@ -148,7 +148,7 @@ func getLoginResponse(params authApi.LoginParams) (*models.LoginResponse, *Coded
 		// prepare console credentials
 		consoleCreds, err = getConsoleCredentials(lr.AccessKey, lr.SecretKey, clientIP)
 		if err != nil {
-			return nil, ErrorWithContext(ctx, err, ErrInvalidLogin)
+			return nil, ErrorWithContext(ctx, ErrInvalidLogin)
 		}
 	}
 
@@ -158,7 +158,7 @@ func getLoginResponse(params authApi.LoginParams) (*models.LoginResponse, *Coded
 	}
 	sessionID, err := login(consoleCreds, sf)
 	if err != nil {
-		return nil, ErrorWithContext(ctx, ErrUnauthorized, ErrInvalidLogin)
+		return nil, ErrorWithContext(ctx, ErrInvalidLogin)
 	}
 	// serialize output
 	loginResponse := &models.LoginResponse{
@@ -236,8 +236,8 @@ func getLoginDetailsResponse(params authApi.LoginDetailParams, openIDProviders o
 func verifyUserAgainstIDP(ctx context.Context, provider auth.IdentityProviderI, code, state string) (*credentials.Credentials, error) {
 	userCredentials, err := provider.VerifyIdentity(ctx, code, state)
 	if err != nil {
-		LogError("error validating user identity against idp: %v", err)
-		return nil, err
+		LogError("error validating user identity against idp")
+		return nil, ErrInvalidLogin
 	}
 	return userCredentials, nil
 }
@@ -271,7 +271,7 @@ func getLoginOauth2AuthResponse(params authApi.LoginOauth2AuthParams, openIDProv
 
 		oauth2Client, err := openIDProviders.NewOauth2ProviderClient(IDPName, nil, r, GetConsoleHTTPClient("", getClientIP(params.HTTPRequest)), GetConsoleHTTPClient(getMinIOServer(), getClientIP(params.HTTPRequest)))
 		if err != nil {
-			return nil, ErrorWithContext(ctx, err)
+			return nil, ErrorWithContext(ctx, ErrOauth2Provider)
 		}
 		// initialize new identity provider
 
@@ -283,7 +283,7 @@ func getLoginOauth2AuthResponse(params authApi.LoginOauth2AuthParams, openIDProv
 		// Validate user against IDP
 		userCredentials, err := verifyUserAgainstIDP(ctx, identityProvider, *lr.Code, state)
 		if err != nil {
-			return nil, ErrorWithContext(ctx, err)
+			return nil, ErrorWithContext(ctx, ErrOauth2Login)
 		}
 		// initialize admin client
 		// login user against console and generate session token
@@ -292,7 +292,7 @@ func getLoginOauth2AuthResponse(params authApi.LoginOauth2AuthParams, openIDProv
 			AccountAccessKey:   "",
 		}, nil)
 		if err != nil {
-			return nil, ErrorWithContext(ctx, err)
+			return nil, ErrorWithContext(ctx, ErrOauth2Login)
 		}
 		// serialize output
 		loginResponse := &models.LoginResponse{