jpulgarin/django-tokenapi

200 response code when checking invalid token

Closed this issue · 2 comments

In the same vein as #36, I should not get a 200 status code if a token is invalid. As a rule of thumb, `{ success: false }` should almost invariably return a non 2XX status code; after all, the request was not successful.

To support my case, I make requests to my API on the client side using axios, which returns ES6 promises. If I call `Api.validateToken().then(success).catch(failure)`, I expect `failure` to be called if I supply an invalid token. At the moment, I have to check for `response.data.success===false` in the success callback since a 200 status is returned in any case.

I believe this is a major improvement to an otherwise straightforward Django module.

Hey @nicbou, thanks for reporting this.

This is a tough one, since an invalid token being sent to the token view doesn't really mean there was anything wrong with the request.

On the other hand, the fact that we return an "error" key in the JSON (and success=False) means we're already making this "mistake", so I will go ahead and change the status code to 401.

I should be pushing a new version to PyPI in a week or so (I want to fix #37 first).
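
Added example, not part of the issue thread or the django-tokenapi code base: a client-side check that fails closed on an invalid token whether the server answers with the old 200 plus `success: false` or the new 401. The function names and sample values are hypothetical; `success` and `error` come from the thread, and `status`, `data` and the 2xx-only default are axios's own.

```javascript
// Added example. Function names are hypothetical; `success` / `error` are the
// JSON keys mentioned in the thread, `status` / `data` are axios response fields.

// Mirrors axios's default validateStatus: only 2xx resolves the promise.
function isHttpSuccess(status) {
  return status >= 200 && status < 300;
}

// Decide whether a token-check response really means "token is valid".
// Anything that is not an explicit boolean true is treated as invalid.
function tokenIsValid(status, body) {
  if (!isHttpSuccess(status)) return false;                     // new behaviour: 401
  if (body === null || typeof body !== "object") return false;  // e.g. an HTML error page
  return body.success === true;                                 // old behaviour: 200 + success:false
}

// Wrap a promise-returning request (for example () => axios.post(url, creds))
// so that .catch() fires for an invalid token under both server behaviours.
function validateToken(request) {
  return request().then((res) => {
    if (tokenIsValid(res.status, res.data)) return res;
    const err = new Error((res.data && res.data.error) || "token rejected");
    err.response = res; // same shape axios uses on rejected requests
    throw err;
  });
  // A 401 never reaches .then(): axios has already rejected the promise.
}

// Constructed sample: the old server behaviour, wrapped so it lands in .catch().
const oldStyle = () =>
  Promise.resolve({ status: 200, data: { success: false, error: "constructed sample error" } });

validateToken(oldStyle)
  .then(() => console.log("token accepted"))
  .catch((e) => console.log("token rejected:", e.message));
```

With this wrapper the caller's `.then(success).catch(failure)` chain behaves the same before and after the server starts returning 401.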