Closed fgehrlicher closed 5 years ago
This is when in api mode?
Yes i am using authboss as json api. The response indicates an error but still returns status 200.
json { "error": "Invalid Credentials", "modules": { "auth": true, "confirm": true, "lock": true, "logout": true, "recover": true, "register": true }, "status": "failure" }
It's intentional. It's sort of a side effect from it being able to support both JSON and HTML Forms. In that that same error would be a 200 OK in an HTML Form response.
In our applications we'll simply do a conditional JSON parse, if "status": "true"
key and value exist then we know to parse it as an authboss JSON error (mostly the format you're looking at there).
Authboss doesn't really try to be a restful API and use status codes to indicate problems with user information for application level issues, only request/protocol/server level issues (bad requests for an form post, internal server errors etc). Analyzing the response is the only way to know if something went wrong.
ok that reasonable. thank you for clarifying!
Is this related to https://github.com/volatiletech/authboss/issues/248, @fgehrlicher?
Many endpoints return http status 200 in case of a faulty request (like wrong credentials or invalid recovery token). Is that behavior intended?