Open amirzahavi opened 1 year ago
Thank you for the report. This is on purpose, because users should know whether their account was locked or not. We can probably improve displaying the error message better so it's not a full error but instead gives you a flow with a message indicating that the login is disabled for that user. WDYT?
Hi @aeneasr, thank you for the quick response. My first assumption was misleading: I forgot that when I typed the password it was the correct one, and just after that I got 401 as expected. When I type the wrong password, it returns 400 as expected.
But for the sake of consistency, it would still be nice to get the same flow body with a message indicating the user is blocked, something like "Account is blocked, please contact your account administrator".
Preflight checklist
Describe the bug
When a user is "inactive" using the identity API (admin API), after a login attempt the login flow responds with 401 instead of the usual 400 (with a generic error message). We expect the response to be the same as for invalid login credentials.
Reproducing the bug
identity API
Relevant log output
Relevant configuration
No response
Version
v0.11.1
On which operating system are you observing this issue?
None
In which environment are you deploying?
Kubernetes with Helm
Additional Context
We self-host Kratos behind Oathkeeper with Keto, using Kubernetes+Helm.
The login is performed inside a SPA context, using the @ory/client SDK (v1.1.7) updateLoginFlow function.
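How a SPA can handle the two outcomes this issue contrasts (400 with the flow re-returned for wrong credentials, 401 with a generic error body for an inactive identity), as an added example that is not code from the issue, from Ory, or from the @ory/client SDK. It assumes the SDK's axios-style behaviour (the promise rejects with `err.response.status` and `err.response.data` on non-2xx replies), the Kratos flow shape with messages under `ui.messages` and `ui.nodes[].messages`, and that 410 means an expired flow and 422 carries `redirect_browser_to`; the 401 mapping reflects the v0.11.1 behaviour reported here, and the user-facing text is the wording the reporter suggested. All sample bodies are constructed, not captured from Kratos.

```javascript
// Added example, not from the issue or the @ory/client SDK.
// Assumed reply shapes (from Kratos API conventions plus this issue, v0.11.1):
//   200 -> { session }                       login succeeded
//   400 -> the login flow itself, messages in flow.ui (wrong credentials)
//   401 -> { error: {...} } generic error     identity is inactive (this issue)
//   410 -> flow expired, create a new one
//   422 -> { redirect_browser_to }            browser must navigate elsewhere

const Outcome = Object.freeze({
  SUCCESS: "success",
  RENDER_FLOW: "render_flow",
  ACCOUNT_DISABLED: "account_disabled",
  RESTART_FLOW: "restart_flow",
  REDIRECT: "redirect",
  UNEXPECTED: "unexpected",
});

// Every message Kratos attached to the flow UI: flow-level ones in
// ui.messages, field-level ones in ui.nodes[].messages.
function collectUiMessages(ui) {
  const out = [];
  for (const m of ui.messages || []) out.push(m.text);
  for (const node of ui.nodes || []) {
    for (const m of node.messages || []) out.push(m.text);
  }
  return out;
}

// Map an updateLoginFlow reply (HTTP status + decoded body) to a UI action.
function classifyLoginResult(status, body) {
  if (status === 200) {
    return { outcome: Outcome.SUCCESS, session: body && body.session };
  }
  if (status === 400 && body && body.ui) {
    // Wrong credentials: Kratos hands the flow back; re-render it with its messages.
    return { outcome: Outcome.RENDER_FLOW, flow: body, messages: collectUiMessages(body.ui) };
  }
  if (status === 401) {
    // The case from this issue: correct password, identity state "inactive".
    // There is no flow to re-render, so show a fixed message and keep the
    // server's reason for logging only (it may say more than we want to show).
    const err = (body && body.error) || {};
    return {
      outcome: Outcome.ACCOUNT_DISABLED,
      message: "Account is blocked, please contact your account administrator",
      logReason: err.reason || err.message || "",
    };
  }
  if (status === 410) {
    return { outcome: Outcome.RESTART_FLOW };
  }
  if (status === 422 && body && body.redirect_browser_to) {
    return { outcome: Outcome.REDIRECT, to: body.redirect_browser_to };
  }
  return { outcome: Outcome.UNEXPECTED, status };
}

// Adapter for the axios-style error the SDK rejects with on non-2xx replies.
function classifyLoginError(err) {
  if (!err || !err.response) {
    // Network failure or our own bug: do not guess at the account state.
    return { outcome: Outcome.UNEXPECTED, status: 0 };
  }
  return classifyLoginResult(err.response.status, err.response.data);
}

// Constructed sample bodies so the example runs stand-alone (not real Kratos output).
const SAMPLE_400 = {
  id: "constructed-flow-id",
  ui: {
    messages: [{ type: "error", text: "constructed: invalid credentials" }],
    nodes: [{ attributes: { name: "password" }, messages: [] }],
  },
};
const SAMPLE_401 = {
  error: {
    code: 401,
    status: "Unauthorized",
    message: "constructed generic error",
    reason: "constructed reason",
  },
};

// Typical call site: the SDK's updateLoginFlow({flow, updateLoginFlowBody})
// resolves on 200 and rejects otherwise, so both branches funnel into one place.
//   sdk.updateLoginFlow(...)
//     .then((res) => classifyLoginResult(res.status, res.data))
//     .catch(classifyLoginError)
//     .then(render);
```

The point of keeping `ACCOUNT_DISABLED` separate from `RENDER_FLOW` is that the 401 reply carries no flow, so a SPA that only knows how to re-render a returned flow would otherwise surface a raw error page, which is the symptom the issue describes.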