Feature Request
Resolution: Done
Normal
openshift-4.10.z, openshift-4.12.z
1. Proposed title of this feature request
apiserver to return error with more information when the oauth-server is failing
2. What is the nature and description of the request?
When apiserver is up and the health check returns ‘OK’, 'oc login' could still fail if the oauth-server is unreachable. The user is unable to see whether there is an authentication problem.
The suggestion is that the apiserver returns messages with which the user can confirm why the command is failing. E.g. "auth temporary unavailable"
Upon seeing the error, the user could report it to the administrator so related components can be inspected.
The suggestion was originally raised here: https://issues.redhat.com/browse/OCPBUGS-10589
3. Why does the customer need this? (List the business requirements here)
When SDN has issues (e.g. ovs daemon is down), ‘oc login’ fails but the user cannot receive an informative message from apiserver. Even when the load balance algorithm is ‘roundload’, ‘oc login’ could still fail if one of the masters has the problem. If the load balance algorithm is ‘source’, it could get worse.
4. List any affected packages or components.
apiserver
~~~
E0316 16:22:55.259082 19 webhook.go:155] Failed to make webhook authenticator request: Post "https://172.35.88.201:443/apis/oauth.openshift.io/v1/tokenreviews?timeout=30s": dial tcp 172.35.88.201:443: connect: no route to host
E0316 16:22:55.259146 19 authentication.go:63] "Unable to authenticate the request" err="[invalid bearer token, Post \"https://172.35.88.201:443/apis/oauth.openshift.io/v1/tokenreviews?timeout=30s\": dial tcp 172.35.88.201:443: connect: no route to host]"
~~~
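
A log triage sketch for the failure this ticket describes, added here as an example and not part of the original request or of OpenShift's code: it separates "invalid bearer token" errors that were really caused by an unreachable TokenReview backend from tokens that were actually rejected. The verdict names are hypothetical, and the third sample line is constructed; the first two are the excerpt above.

```python
import re
from collections import Counter

# klog line: severity + MMDD, time, thread id, source file:line, then the message.
KLOG = re.compile(r'^(?P<sev>[IWEF])\d{4} [\d:.]+\s+\d+ (?P<src>[\w.-]+:\d+)\] (?P<msg>.*)$')
# Go net dial errors: the TokenReview backend was never reached.
DIAL_ERR = re.compile(r'dial tcp (?P<addr>[\d.]+:\d+): (?P<cause>connect: [a-z ]+|i/o timeout)')
TOKENREVIEW_PATH = "/apis/oauth.openshift.io/v1/tokenreviews"
AUTH_MARKERS = ("Failed to make webhook authenticator request",
                "Unable to authenticate the request")

# Lines 1-2: the ticket's log excerpt. Line 3: constructed sample of a
# token that really was rejected (no transport error attached).
SAMPLE_LOG = r'''
E0316 16:22:55.259082 19 webhook.go:155] Failed to make webhook authenticator request: Post "https://172.35.88.201:443/apis/oauth.openshift.io/v1/tokenreviews?timeout=30s": dial tcp 172.35.88.201:443: connect: no route to host
E0316 16:22:55.259146 19 authentication.go:63] "Unable to authenticate the request" err="[invalid bearer token, Post \"https://172.35.88.201:443/apis/oauth.openshift.io/v1/tokenreviews?timeout=30s\": dial tcp 172.35.88.201:443: connect: no route to host]"
E0316 16:23:10.000001 19 authentication.go:63] "Unable to authenticate the request" err="invalid bearer token"
'''

def classify(line):
    """Return (verdict, backend, cause) for an auth failure line, else None."""
    m = KLOG.match(line.strip())
    if not m or not any(k in m["msg"] for k in AUTH_MARKERS):
        return None
    msg = m["msg"]
    dial = DIAL_ERR.search(msg)
    # Check the transport error first: the apiserver reports "invalid bearer
    # token" alongside it, which hides the outage from the client.
    if dial and TOKENREVIEW_PATH in msg:
        return ("auth-backend-unreachable", dial["addr"], dial["cause"])
    if "invalid bearer token" in msg:
        return ("token-rejected", None, None)
    return ("auth-failure-other", None, None)

def summarize(log_text):
    """Count verdicts and collect unreachable TokenReview backends."""
    verdicts, backends = Counter(), set()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            verdicts[result[0]] += 1
            if result[1]:
                backends.add(result[1])
    return verdicts, backends

if __name__ == "__main__":
    counts, down = summarize(SAMPLE_LOG)
    print(dict(counts), sorted(down))
```
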