Shouldn't an authentication failure return status 401 as well?

Question

Shouldn't an authentication failure return status 401 as well?

sk91 opened this issue 12 years ago · 4 comments

Answer 1 · 2019-02-13T14:13:56.000Z

why this has been closed? is it still valid?

Answer 2 · 2019-02-13T14:29:43.000Z

ok I guess this has been cloased because the callback you pass to the authorization method gets an error when there is an auth failure. In this case you can throw 401

Answer 3 · 2019-02-13T14:46:23.000Z

@gnuton sorry, don't remember exactly why I closed it. I fixed it for my self and made a pull request:

#13

Answer 4 · 2019-02-13T14:48:54.000Z

But it was ignored for more than 5 years ...