volatiletech / authboss

The boss of http auth.
MIT License

Total compatibility as API endpoint #283

Open frederikhors opened 4 years ago

frederikhors commented 4 years ago

Issue opened for the creation of a wiki page that summarizes the doubts and problems for newbies (https://github.com/volatiletech/authboss/issues/210).


I read https://github.com/volatiletech/authboss/issues/234#issuecomment-495244322 but I think this should be in our backlog.

Authboss is amazing and for people like me who are using it as an endpoint for JSON-API requests it's important to handle:

aarondl commented 4 years ago

> It's extremely important also because Chrome (for example), after the login POST request, if the 200 status code is present, shows a popup for saving the password ALSO if the username/password are wrong!

Ah yea, that's a shame. Though it's not really that important. Why would a user save a username and password that is wrong? And why would they not have the credentials already saved from previously logging in if they use the Chrome password storage?

Anyway - we could potentially change this. We could add a config option to control the failure condition of redirects. We do know if it's a failure, but we do not know what kind, which is sort of the problem. Perhaps we could change the RedirectOptions struct to enable some more API-like options in V3.

frederikhors commented 4 years ago

> Though it's not really that important. Why would a user save a username and password that is wrong?

Because the application is used by elderly people or people who have very little predisposition or experience with browsers and the web.

> Anyway - we could potentially change this. We could add a config option to control the failure condition of redirects. We do know if it's a failure, but we do not know what kind, which is sort of the problem. Perhaps we could change the RedirectOptions struct to enable some more API-like options in V3.

Thank you. No hurry. Issue open for backlog.
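
One way an application could handle the 200-on-failure behaviour discussed in this thread on its own side, shown as an added example that is not authboss code and not written by either participant: a `net/http` middleware that buffers the wrapped handler's response and changes the status code when the JSON body reports a failure. The `{"status":"failure"}` body shape, the 401 code, the `/auth/login` path and every name below are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// bufferedWriter holds back the status and body so the final code can still change.
type bufferedWriter struct {
	http.ResponseWriter
	code int
	body bytes.Buffer
}

func (b *bufferedWriter) WriteHeader(code int)        { b.code = code }
func (b *bufferedWriter) Write(p []byte) (int, error) { return b.body.Write(p) }

// FailureStatus turns a 200 response whose JSON body has "status":"failure"
// (assumed shape) into the given code; every other response passes unchanged.
func FailureStatus(code int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		bw := &bufferedWriter{ResponseWriter: w, code: http.StatusOK}
		next.ServeHTTP(bw, r)
		var payload struct {
			Status string `json:"status"`
		}
		if bw.code == http.StatusOK && json.Unmarshal(bw.body.Bytes(), &payload) == nil && payload.Status == "failure" {
			bw.code = code
		}
		w.WriteHeader(bw.code)
		w.Write(bw.body.Bytes())
	})
}

// StatusFor sends a request through the middleware to a constructed handler that
// always answers 200 with the given body, and returns the status the client sees.
func StatusFor(body string) int {
	inner := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, body) })
	rec := httptest.NewRecorder()
	FailureStatus(http.StatusUnauthorized, inner).ServeHTTP(rec, httptest.NewRequest("POST", "/auth/login", nil))
	return rec.Code
}

func main() {
	fmt.Println(StatusFor(`{"status":"failure"}`), StatusFor(`{"status":"success"}`))
}
```

Because the whole response is buffered before it is sent, this wrapper suits small auth responses, not streaming handlers.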