Return 401 instead of 403 response for invalid token
mihow opened this issue · 1 comments
mihow commented
Right now both permission denied & invalid token errors return 403 responses. It would be nice to know if a user was actually logged out, or if a user is still logged in but isn't authorized to do something.
I am willing to fork or add a workaround if someone is able to give me guidance on where to make the change.
Thanks!