To log in to the backend or the DS, the client must submit their userProfile at the beginning of the login flow. This is necessary because the server needs to use the publicKeys from the profile to verify the validity of a signed challenge.

However, this causes issues when the client decides to update the nonce. The keys previously created using the old nonce remain part of the profile and cannot be updated.

Therefore, the client must be able to update a userProfile in certain situations to avoid breaking the user's account.

Disable account check at submitUserProfile.ts

• Instead of throwing a "Profile exists already"error the profile should be simply overwritten.

auth endpoint has to return the error when submitting a challenge has failed instead of returning 404

• In the catch block return 400 with the error

Handle failed challenge requests on the client side

• the client has to be able to handle failed challenge requests. It has to parse the error and check if the message is 'invalid signature' if so it has to use this.submitUserProfile to retrieve the token.
• Provide a test in ServerSideConnector.test.ts for this behavior.