brockallen
commented
8 years ago You'd change your user service in IdSvr to issue whatever error you want when this condition arises.
Closed najeebzohaib closed 8 years ago
brockallen
commented
8 years ago You'd change your user service in IdSvr to issue whatever error you want when this condition arises.
najeebzohaib
commented
8 years ago Brilliant! Thanks
Hi Brock, I'm using membership reboot with identity server 3 with implicit flow and default settings. I noticed that after failed login attempts the user account get locked out which is fine however the error message still remains the same 'Error: Invalid username and password'. Is this the expected behavior and is there a security reason for this? Should it not indicate to user that account is locked out?