Open onedevteam opened 7 years ago
var identity = await _options.IdentityResolver(username, password); if (identity == null) { context.Response.StatusCode = 400; await context.Response.WriteAsync("Invalid username or password."); return; }
I think response should be 401/Unauthorized, because request is good/valid.
This response is modeled after the OAuth 2.0 error response, which returns 400 for invalid credentials.
I just realized that the response body isn't proper, though. I'll fix that. 👍
I think response should be 401/Unauthorized, because request is good/valid.