Applying reviewer comments

server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerException.java

@@ -20,7 +20,7 @@ package org.keycloak.broker.provider;
  * @author pedroigor
  */
 public class IdentityBrokerException extends RuntimeException {
-
+    private String messageCode;
     public IdentityBrokerException(String message) {
         super(message);
     }
@@ -28,4 +28,13 @@ public class IdentityBrokerException extends RuntimeException {
     public IdentityBrokerException(String message, Throwable t) {
         super(message, t);
     }
+
+    public IdentityBrokerException withMessageCode(String messageCode) {
+        this.messageCode = messageCode;
+        return this;
+    }
+
+    public String getMessageCode() {
+        return messageCode;
+    }
 }

server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerUnmatchedEssentialClaimException.java

@@ -1,31 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.broker.provider;
-
-/**
- * @author dmartino
- */
-public class IdentityBrokerUnmatchedEssentialClaimException extends RuntimeException {
-
-    public IdentityBrokerUnmatchedEssentialClaimException(String message) {
-        super(message);
-    }
-
-    public IdentityBrokerUnmatchedEssentialClaimException(String message, Throwable t) {
-        super(message, t);
-    }
-}

services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java

@@ -28,7 +28,6 @@ import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.ExchangeExternalToken;
 import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken;
 import org.keycloak.broker.provider.IdentityBrokerException;
-import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException;
 import org.keycloak.broker.provider.IdentityProvider;
 import org.keycloak.broker.provider.util.IdentityBrokerState;
 import org.keycloak.broker.provider.util.SimpleHttp;
@@ -519,8 +518,11 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
                 }
             } catch (WebApplicationException e) {
                 return e.getResponse();
-            } catch (IdentityBrokerUnmatchedEssentialClaimException e) {
+            } catch (IdentityBrokerException e) {
-                return errorIdentityProviderLogin(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
+                if (e.getMessageCode() != null) {
+                    return errorIdentityProviderLogin(e.getMessageCode());
+                }
+                logger.error("Failed to make identity provider oauth callback", e);
             } catch (Exception e) {
                 logger.error("Failed to make identity provider oauth callback", e);
             }

services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java

@@ -27,7 +27,6 @@ import org.keycloak.broker.provider.AuthenticationRequest;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.ExchangeExternalToken;
 import org.keycloak.broker.provider.IdentityBrokerException;
-import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException;
 import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.common.util.Base64Url;
 import org.keycloak.common.util.SecretGenerator;
@@ -413,11 +412,13 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
                     logger.tracef("Found claim %s with values %s", filterName, claimValues);
                     if (!claimValues.stream().anyMatch(v->v.matches(filterValue))) {
                         logger.warnf("Claim %s has values \"%s\" that does not match the expected filter \"%s\"", filterName, claimValues, filterValue);
-                        throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Unmatched claim value for %s.", filterName));
+                        throw new IdentityBrokerException(String.format("Unmatched claim value for %s.", filterName)).
+                            withMessageCode(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
                     }
                 } else {
                     logger.debugf("Claim %s was not found", filterName);
-                    throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Claim %s not found", filterName));
+                    throw new IdentityBrokerException(String.format("Claim %s not found", filterName)).
+                        withMessageCode(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
                 }
             }
 
@@ -433,7 +434,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
             }
 
             return identity;
-        } catch (IdentityBrokerUnmatchedEssentialClaimException e) {
+        } catch (IdentityBrokerException e) {
             throw e;
         } catch (Exception e) {
             throw new IdentityBrokerException("Could not fetch attributes from userinfo endpoint.", e);