ledger api auth: polish error messages (#12350)

* ledger api auth: polish error messages

CHANGELOG_BEGIN
CHANGELOG_END

ledger/error/src/main/scala/com/daml/error/definitions/LedgerApiErrors.scala

@@ -311,7 +311,7 @@ object LedgerApiErrors extends LedgerApiErrorGroup {
       case class MissingJwtToken()(implicit
           loggingContext: ContextualizedErrorLogger
       ) extends LoggingTransactionErrorImpl(
-            cause = "The command is missing a JWT token"
+            cause = "The command is missing a (valid) JWT token"
           )
     }
 
@@ -678,17 +678,9 @@ object LedgerApiErrors extends LedgerApiErrorGroup {
           )
     }
 
-    @Explanation("""The user referred to by the request was not found, which may be due to:
-        |
-        |1. Connecting to the wrong participant node, as users are a participant local concept.
-        |2. The user-id being misspelled.
-        |3. The user not yet having been created.
-        |4. The user having been deleted.
-        |""")
+    @Explanation("The user referred to by the request was not found.")
     @Resolution(
-      """Check that you are connecting to the right participant node and the user-id is spelled correctly,
-        |if yes, create the user.
-        |"""
+      "Check that you are connecting to the right participant node and the user-id is spelled correctly, if yes, create the user."
     )
     object UserNotFound
         extends ErrorCode(
@@ -698,16 +690,17 @@ object LedgerApiErrors extends LedgerApiErrorGroup {
       case class Reject(_operation: String, userId: String)(implicit
           loggingContext: ContextualizedErrorLogger
       ) extends LoggingTransactionErrorImpl(
-            cause = s"cannot ${_operation} for unknown user \"${userId}\"."
-            // TODO (i12053): also output participantId
+            cause = s"cannot ${_operation} for unknown user \"${userId}\""
           ) {
         override def resources: Seq[(ErrorResource, String)] = Seq(
           ErrorResource.User -> userId
         )
       }
     }
-    @Explanation("There already exists another user with the same user-id.")
-    @Resolution("Choose a different user-id or use the user that already exists.")
+    @Explanation("There already exists a user with the same user-id.")
+    @Resolution(
+      "Check that you are connecting to the right participant node and the user-id is spelled correctly, or use the user that already exists."
+    )
     object UserAlreadyExists
         extends ErrorCode(
           id = "USER_ALREADY_EXISTS",
@@ -716,8 +709,7 @@ object LedgerApiErrors extends LedgerApiErrorGroup {
       case class Reject(_operation: String, userId: String)(implicit
           loggingContext: ContextualizedErrorLogger
       ) extends LoggingTransactionErrorImpl(
-            cause = s"cannot ${_operation}, as user \"${userId}\" already exists."
-            // TODO (i12053): also output participantId
+            cause = s"cannot ${_operation}, as user \"${userId}\" already exists"
           ) {
         override def resources: Seq[(ErrorResource, String)] = Seq(
           ErrorResource.User -> userId

ledger/ledger-api-auth/src/main/scala/com/digitalasset/ledger/api/auth/AuthorizationError.scala

@@ -14,16 +14,16 @@ object AuthorizationError {
   final case class Expired(authorizedUntil: Instant, currentTime: Instant)
       extends AuthorizationError {
     override val reason =
-      s"Claims were valid until $authorizedUntil, current time is $currentTime."
+      s"Claims were valid until $authorizedUntil, current time is $currentTime"
   }
 
   case object ExpiredOnStream extends AuthorizationError {
-    override val reason = "Claims have expired after the result stream has started."
+    override val reason = "Claims have expired after the result stream has started"
   }
 
   final case class InvalidLedger(authorized: String, actual: String) extends AuthorizationError {
     override val reason =
-      s"Claims are only valid for ledgerId '$authorized', actual ledgerId is '$actual'."
+      s"Claims are only valid for ledgerId '$authorized', actual ledgerId is '$actual'"
   }
 
   final case class InvalidParticipant(authorized: String, actual: String)
@@ -35,11 +35,11 @@ object AuthorizationError {
   final case class InvalidApplication(authorized: String, actual: String)
       extends AuthorizationError {
     override val reason =
-      s"Claims are only valid for applicationId '$authorized', actual applicationId is '$actual'."
+      s"Claims are only valid for applicationId '$authorized', actual applicationId is '$actual'"
   }
 
   case object MissingPublicClaim extends AuthorizationError {
-    override val reason = "Claims do not authorize the use of public services."
+    override val reason = "Claims do not authorize the use of public services"
   }
 
   case object MissingAdminClaim extends AuthorizationError {

ledger/ledger-api-auth/src/main/scala/com/digitalasset/ledger/api/auth/interceptor/AuthorizationInterceptor.scala

@@ -88,7 +88,7 @@ final class AuthorizationInterceptor(
                 case Left(msg) =>
                   Future.failed(
                     errorFactories.permissionDenied(
-                      s"Could not resolve rights for user '$userId' due to $msg."
+                      s"Could not resolve rights for user '$userId' due to '$msg'"
                     )(errorLogger)
                   )
                 case Right(userClaims) =>

ledger/ledger-api-common/src/test/suite/scala/com/digitalasset/platform/server/api/validation/ErrorFactoriesSpec.scala

@@ -493,7 +493,7 @@ class ErrorFactoriesSpec
         v2_details = expectedInternalErrorDetails,
         v2_logEntry = ExpectedLogEntry(
           Level.WARN,
-          s"UNAUTHENTICATED(6,$truncatedCorrelationId): The command is missing a JWT token",
+          s"UNAUTHENTICATED(6,$truncatedCorrelationId): The command is missing a (valid) JWT token",
           Some(expectedLocationLogMarkerRegex),
         ),
       )