bad request for wrong password and expired account are now the same = 400

nabil boumimimak 9 months ago

Before, I was using the status bad request for expired account 401 as a way to inform users if they are trying to log into an expired account. Now I discovered that, after the introduction of the TOTP function, you changed the bad request of expired account to be the same as wrong password. This means we have no way of knowing if the failed login happened because of a wrong password or simply an expired account.
Expired account with correct password and email: 400
Valid account but wrong credential: 400
TOTP function: 401
My proposal is to differentiate the first two bad requests, one 400 and the other some other number.

Anton Tananaev 9 months ago

Have you checked the payload?

nabil boumimimak 9 months ago

I did; the status changed after the introduction of TOTP.
Before, it was 400 for wrong credential
and 401 for expired account.
Now
both are 400.

Anton Tananaev 9 months ago

You didn't check payload and you have not provided any information about what you get there? And instead you keep repeating about response code.

nabil boumimimak 9 months ago

I rechecked the payload and I discovered in the response information that can be used to distinguish between expired account or wrong credentials.
Thank you for your support, this means a lot to us.