krakenjs / swaggerize-express

Design-driven apis with swagger 2.0 and express.

401 vs 403 #118

Closed djMax closed 7 years ago

djMax commented 7 years ago

It seems like the module returns 401 for any auth failure, even if the handler itself throws with a status of 403. Is that true? It makes it difficult to indicate "bad authentication" vs. "bad authorization", right?

djMax commented 7 years ago

I'm not following the code, but in practice it does seem to take the status I give it in the auth handler error, so I guess it's fine.