nbarbettini / SimpleTokenProvider

Sample middleware component for ASP.NET that generates JWT access tokens
Apache License 2.0

400 response instead of 401 in GenerateToken() function #21

Open onedevteam opened 7 years ago

onedevteam commented 7 years ago

    var identity = await _options.IdentityResolver(username, password);
    if (identity == null)
    {
        context.Response.StatusCode = 400;
        await context.Response.WriteAsync("Invalid username or password.");
        return;
    }

I think the response should be 401/Unauthorized, because the request is good/valid.

nbarbettini commented 7 years ago

This response is modeled after the OAuth 2.0 error response, which returns 400 for invalid credentials.

I just realized that the response body isn't proper, though. I'll fix that. 👍
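
For reference, an added example (not code from this repository, and not the fix the maintainer mentions) of the error response shape that OAuth 2.0 defines in RFC 6749, section 5.2: bad resource-owner credentials are reported as `invalid_grant` with status 400, and 401 is used only for `invalid_client`, i.e. failed client authentication. The class name `OAuthErrorResponse`, the `Basic` realm value, and the use of `System.Text.Json` are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Hypothetical helper: writes an RFC 6749 section 5.2 token-endpoint error.
public static class OAuthErrorResponse
{
    public static Task WriteAsync(HttpContext context, string error, string description)
    {
        var response = context.Response;

        // Only a failed *client* authentication maps to 401. Wrong end-user
        // credentials are an invalid grant and stay at 400.
        bool clientAuthFailed = error == "invalid_client";
        response.StatusCode = clientAuthFailed
            ? StatusCodes.Status401Unauthorized
            : StatusCodes.Status400BadRequest;

        if (clientAuthFailed)
        {
            // A 401 must name the authentication scheme the client may use.
            // The realm value is a constructed placeholder.
            response.Headers["WWW-Authenticate"] = "Basic realm=\"token\"";
        }

        // Token endpoint responses must not be cached by intermediaries.
        response.ContentType = "application/json;charset=UTF-8";
        response.Headers["Cache-Control"] = "no-store";
        response.Headers["Pragma"] = "no-cache";

        // The body is a JSON object with a machine-readable "error" code and an
        // optional human-readable "error_description", not a bare string.
        var body = JsonSerializer.Serialize(new Dictionary<string, string>
        {
            ["error"] = error,
            ["error_description"] = description
        });

        return response.WriteAsync(body);
    }
}

// In the branch quoted in this issue, the call would be:
//   await OAuthErrorResponse.WriteAsync(context, "invalid_grant", "Invalid username or password.");
//   return;
```

Keeping the description identical for an unknown user and a wrong password, as the original message does, avoids disclosing which usernames exist.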