Closed amoraitis closed 1 month ago
Hitting the Token-Endpoint with incorrect client-secret value returns HTTP Status 200 OK, with an error.
Is that expected? Should not this return another response code (failure) and return the error in the JSON response as defined here?
Example from Microsoft's implementation.
@tangyang9464 @JalinWang @imp2002
@amoraitis Casdoor returns HTTP 200 for application-level errors, to differ from network errors. Use status and msg to parse the error
Hitting the Token-Endpoint with incorrect client-secret value returns HTTP Status 200 OK, with an error.![image](https://github.com/casdoor/casdoor/assets/17813786/589fe533-eb87-4ac7-bc6f-eebebd15dab6)
Is that expected? Should not this return another response code (failure) and return the error in the JSON response as defined here?
Example from Microsoft's implementation.