Currently the auth.middleware checks for the account ID and for permissions for accessing the endpoint.
But any errors are interpreted as an InternalServerError, including if the client's token doesn't give them permission to access the account they are requesting, which should be some sort of BadRequest.
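One way to separate the two failure classes described above, as an added sketch that is not the project's own code: the sentinel errors, `checkAccess`, `statusFor`, the token table and the `account` query parameter are all hypothetical names. The specific client-error codes (401 for an unknown token, 403 for a token without access to the requested account) are an assumed choice.

```go
package main
import (
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical sentinel errors; the project's real error types are not on the page.
var ErrNoToken = errors.New("missing or unknown token")
var ErrAccountScope = errors.New("token not permitted for requested account")

// checkAccess stands in for the account ID and permission checks; allowed maps a token to its one account.
func checkAccess(allowed map[string]string, token, accountID string) error {
	acct, ok := allowed[token] // reading a nil map is safe and yields ok == false
	switch {
	case allowed == nil:
		return errors.New("permission store unavailable") // genuine server fault
	case !ok:
		return ErrNoToken
	case acct != accountID:
		return ErrAccountScope
	}
	return nil
}

// statusFor classifies an auth error; only unrecognised errors become a 500.
func statusFor(err error) int {
	switch {
	case errors.Is(err, ErrNoToken):
		return http.StatusUnauthorized
	case errors.Is(err, ErrAccountScope):
		return http.StatusForbidden
	}
	return http.StatusInternalServerError
}

// AuthMiddleware answers with the classified status instead of a blanket 500.
func AuthMiddleware(allowed map[string]string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := checkAccess(allowed, r.Header.Get("Authorization"), r.URL.Query().Get("account")); err != nil {
			// Body carries only the generic status text, no internal error detail.
			http.Error(w, http.StatusText(statusFor(err)), statusFor(err))
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed token and account values
	fmt.Println(statusFor(checkAccess(map[string]string{"tok-a": "acct-1"}, "tok-a", "acct-2")))
}
```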