Hi Brock, I'm using membership reboot with identity server 3 with implicit flow and default settings. I noticed that after failed login attempts the user account get locked out which is fine however the error message still remains the same 'Error: Invalid username and password'. Is this the expected behavior and is there a security reason for this? Should it not indicate to user that account is locked out?
Hi Brock, I'm using membership reboot with identity server 3 with implicit flow and default settings. I noticed that after failed login attempts the user account get locked out which is fine however the error message still remains the same 'Error: Invalid username and password'. Is this the expected behavior and is there a security reason for this? Should it not indicate to user that account is locked out?