diff --git a/requirements-swh-server.txt b/requirements-swh-server.txt
--- a/requirements-swh-server.txt
+++ b/requirements-swh-server.txt
@@ -2,4 +2,4 @@
 swh.loader.core >= 0.0.71
 swh.scheduler >= 0.7.0
 swh.model >= 0.3.8
-swh.auth[django] >= 0.3.3
+swh.auth[django] >= 0.3.6
diff --git a/swh/deposit/auth.py b/swh/deposit/auth.py
--- a/swh/deposit/auth.py
+++ b/swh/deposit/auth.py
@@ -3,6 +3,7 @@
 # License: GNU General Public License version 3, or any later version
 # See top-level LICENSE file for more information
 
+import json
 import logging
 from typing import Optional
 
@@ -16,7 +17,7 @@
 
 from swh.auth.django.models import OIDCUser
 from swh.auth.django.utils import oidc_user_from_profile
-from swh.auth.keycloak import KeycloakOpenIDConnect
+from swh.auth.keycloak import KeycloakError, KeycloakOpenIDConnect
 from swh.deposit.models import DepositClient
 
 from .errors import UNAUTHORIZED, make_error_response
@@ -145,8 +146,11 @@
         if not oidc_user:
             try:
                 oidc_profile = self.client.login(user_id, password)
-            except Exception as e:
-                raise AuthenticationFailed(e)
+            except KeycloakError as e:
+                logger.debug("KeycloakError: e: %s", e)
+                msg_dict = json.loads(e.error_message.decode())
+                error_msg = f"{msg_dict['error']}: {msg_dict['error_description']}"
+                raise AuthenticationFailed(error_msg)
 
             oidc_user = oidc_user_from_profile(self.client, oidc_profile)
             ttl = int(