Like in #9 the basic auth strategy also returns a 400 code when no password or username is provided. The same browser cache issues arise as in the digest strategy.
I'm wondering why this check is here in the first place. Shouldn't this be the decision of the user in the verify callback?
Like in #9 the basic auth strategy also returns a 400 code when no password or username is provided. The same browser cache issues arise as in the digest strategy.
I'm wondering why this check is here in the first place. Shouldn't this be the decision of the user in the
verify
callback?