McPringle closed this issue 9 years ago
Yes, this is indeed not a good design choice. As this obviously is an error induced by a bad request, it should definitely return a response in the 4xx range, and the most appropriate and generic is a 401 as you state @McPringle.
Yes, totally agree @McPringle.
Can you give the latest commit a try and see whether that works for you?
I've applied the fix for the 0.8.x branch.
Hi @ToastShaman
Your fix works perfectly! Thanks for your amazingly fast response!
An expired token leads to an InternalServerError. That is really bad because it will result in HTTP status code 500 and the client thinks the failure is on the server side. Returning a 401 Unauthorized is much better.
JWTAuthFactory: lines 115 to 117
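
The behaviour agreed on in this thread, as an added example that is not the project's code: every token defect the client can cause (malformed, bad signature, expired) is caught as one exception type and mapped to 401, so it never surfaces as a 500. The HS256 handling and the names `TokenError`, `verify` and `authenticate` are assumptions made for this sketch, which is written in Python rather than against `JWTAuthFactory`.

```python
import base64, hashlib, hmac, json

class TokenError(Exception):
    """Client-side token problem; maps to 401, never 500."""

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims, key):
    """Build an HS256 token; used only to construct sample input."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_mac(key, head, body))}"

def verify(token, key, now):
    """Return the claims, or raise TokenError for any client-side defect."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64url(head))
        claims = json.loads(_unb64url(body))
        given = _unb64url(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unsupported algorithm")
    if not hmac.compare_digest(_mac(key, head, body), given):
        raise TokenError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired or exp missing")
    return claims

def authenticate(auth_header, key, now):
    """Map the outcome to (status, detail) as a request filter would."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, "missing bearer token"
    try:
        claims = verify(auth_header[len("Bearer "):], key, now)
    except TokenError as exc:
        return 401, str(exc)  # expired/invalid token is the caller's fault
    return 200, claims.get("sub")
```

Only `TokenError` is translated to 401; any other exception still propagates, so a genuine server fault continues to show up as a 500.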