Unlocking should be prohibited before user completed the onboarding process
Motivation
Currently, clients are confronted with error 403 when attempting to unlock a vault that an user has no access to.
While this is technically correct, there are different reasons why no access has been granted to a user. One of them is that it is impossible to grant access before the user completed setup (hence not having any key pair). This should be treated differently in order to allow clients to react with a corresponding (more helpful) error text.
If the user is not yet set up, a status code 449 should be returned:
Please agree to the following
Summary
Unlocking should be prohibited before user completed the onboarding process
Motivation
Currently, clients are confronted with error 403 when attempting to unlock a vault that an user has no access to.
While this is technically correct, there are different reasons why no access has been granted to a user. One of them is that it is impossible to grant access before the user completed setup (hence not having any key pair). This should be treated differently in order to allow clients to react with a corresponding (more helpful) error text.
If the user is not yet set up, a status code 449 should be returned:
Considered Alternatives
No response
Anything else?
No response