fix(authz-keycloak): do not expose internal errors to the client

apisix/plugins/authz-keycloak.lua

@@ -722,12 +722,12 @@ local function generate_token_using_password_grant(conf,ctx)
     if not username then
         local err = "username is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
     end
     if not password then
         local err = "password is missing."
         log.error(err)
-        return 422, err
+        return 422, {message = err}
     end
 
     local client_id = authz_keycloak_get_client_id(conf)
@@ -737,7 +737,7 @@ local function generate_token_using_password_grant(conf,ctx)
     if not token_endpoint then
         local err = "Unable to determine token endpoint."
         log.error(err)
-        return 503, err
+        return 503, {message = err}
     end
     local httpc = authz_keycloak_get_http_client(conf)
 
@@ -763,7 +763,7 @@ local function generate_token_using_password_grant(conf,ctx)
         err = "Accessing token endpoint URL (" .. token_endpoint
               .. ") failed: " .. err
         log.error(err)
-        return 401, {message = err}
+        return 401, {message = "Accessing token endpoint URL failed."}
     end
 
     log.debug("Response data: " .. res.body)
@@ -773,7 +773,7 @@ local function generate_token_using_password_grant(conf,ctx)
         err = "Could not decode JSON from response"
               .. (err and (": " .. err) or '.')
         log.error(err)
-        return 401, {message = err}
+        return 401, {message = "Could not decode JSON from response."}
     end
 
     return res.status, res.body