ResourceServerMiddleware shouldn't generate a json
basz opened this issue · comments
Bas Kamer commented
I'm not sure this is correct behavior
I think it would be more flexible if an exception is raised so error middleware might respond differently (For example with an Apigility ApiProblem type response)
Michaël Gallego commented
Well, the issue is that according to the spec it should return a 401. So this is the behaviour of this by default. But you're right, I'm not sure how it could be extended to modify the output.
Bas Kamer commented
I now think this is ok. It is a oauth2 resource server with a specifically defined response. we shouldn't defiate from that.
closing