Bad request for wrong password and expired account are now the same = 400

nabil boumimimak 2 years ago

Before, I was using the status bad request for expired account 401 as a way to inform users if they are trying to log into an expired account. Now I discovered that after the introduction of the TOTP function you changed the bad request of expired account to be the same as wrong password. This means we have no way of knowing if the failed login happened because of a wrong password or simply an expired account.
Expired account with correct password and email: 400
Valid account but wrong credential: 400
TOTP function: 401
My proposal is to differentiate the first two bad requests, one 400 and the other some other number.

Anton Tananaev 2 years ago

Have you checked the payload?

nabil boumimimak 2 years ago

I did, the status changed after the introduction of TOTP.
Before it was 400 for wrong credential
and 401 for expired account.
Now
both are 400.

Anton Tananaev 2 years ago

You didn't check payload and you have not provided any information about what you get there? And instead you keep repeating about response code.

nabil boumimimak 2 years ago

I rechecked the payload and I discovered information in the response that can be used to distinguish between an expired account and wrong credentials.
Thank you for your support, this means a lot to us.