We are trying OAuth [grant_type = password] for External users . We have customized the pyCustomIdentityMappingAct activity to invoke the AuthenticationLDAPVerifyCredentials activity with the username and password part of my OAuth request. But the Token endpoint /oauth2/v1/token still returns us the access token and refresh token though I send incorrect password part of my request. I revoked my current token and tried again, but the problem still persists.
One more problem is , I had to reset my LDAP password once before I invoke OAUTH service /oauth2/v1/token , "Error authenticating : Password expired. Change user password", but no problem logging in to application using /PRWebLDAP1
Is your LDAP validation working properly? Did you check the documentation in Step#3 of pyCustomIdentityMappingAct?
We rely on a valid pyOperPage parameter containing page of Data-Admin-Operator-ID. Have you ensured it is null in case of validation failure? I think you have uncommented step 6, please delete /comment that step.