teamhanko / hanko

Authentication and user management for the passkey era.
https://hanko.io

refactor: profile endpoint session validation #1524

Closed lfleischmann closed 1 month ago

lfleischmann commented 1 month ago

Description

The session middleware responses returned when invalid session tokens are provided have a different structure than other flow API error responses. We should try to make the responses consistent.

Implementation

The "old" session middleware is no longer applied to the profile endpoint. A private method on the handler now validates the session. The method's implementation is basically a copy of the echo-jwt implementation (see here).
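A sketch of the pattern described above, added as an example and not taken from the Hanko code base or from echo-jwt: the handler validates the session itself, so a rejected token is reported in the same envelope as every other error. The `apiError` shape, the `session` cookie name, the `/profile` path and the `validTokens` lookup (standing in for real JWT verification) are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed stand-ins: the shared error envelope and the token verifier.
type apiError struct{ Code, Message string }

var validTokens = map[string]string{"good-token": "user-1"}

// validateSession fails closed: no cookie and an unverifiable token look the same.
func validateSession(r *http.Request) (string, error) {
	c, err := r.Cookie("session")
	if err == nil && validTokens[c.Value] != "" {
		return validTokens[c.Value], nil
	}
	return "", fmt.Errorf("missing or invalid session token")
}

// profile validates the session itself, so a rejection uses the shared envelope.
func profile(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	sub, err := validateSession(r)
	if err != nil {
		w.WriteHeader(http.StatusUnauthorized)
		json.NewEncoder(w).Encode(apiError{"unauthorized", "session invalid"})
		return
	}
	json.NewEncoder(w).Encode(map[string]string{"subject": sub})
}

// call sends one request (cookie optional) and returns status code and body.
func call(cookie string) (int, string) {
	req := httptest.NewRequest(http.MethodPost, "/profile", nil)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	profile(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(call("tampered"))
}
```

The response body carries a fixed message rather than the validation error, so a client cannot tell a missing cookie from a token that failed verification.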