Shouldn't an authentication failure return status 401 as well?
sk91 opened this issue · comments
why this has been closed? is it still valid?
ok I guess this has been cloased because the callback you pass to the authorization method gets an error when there is an auth failure. In this case you can throw 401
But it was ignored for more than 5 years ...