[jira] [Updated] (USERGRID-1199) User authentication failure and reset password requests return 400 bad request; should return 401 unauthorized?

[Brandon Shelley (JIRA)]

     [ 
https://issues.apache.org/jira/browse/USERGRID-1199?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brandon Shelley updated USERGRID-1199:
--------------------------------------
    Description: 
{code}POST 
https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/token{code}

with an invalid authentication body results in a 400 bad request

likewise:

{code}PUT 
https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/users/{username}/password{code}

with an invalid 'old password' results in a 400 bad request.

Suggest that both return a 401 unauthorized instead? Discussion may be required.


  was:
{code}POST 
https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/token{code}

with an invalid authentication body results in a 400 bad request

likewise:

{code}PUT 
https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/users/{username}/password{code}

with an invalid 'old password' results in a 400 bad request.

Suggest that both return a 401 unauthorized instead, unless the user is not 
found, in which case a 404 should be returned? Discussion may be required.



> User authentication failure and reset password requests return 400 bad 
> request; should return 401 unauthorized?
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: USERGRID-1199
>                 URL: https://issues.apache.org/jira/browse/USERGRID-1199
>             Project: Usergrid
>          Issue Type: Improvement
>          Components: Stack
>    Affects Versions: 2.1.2
>            Reporter: Brandon Shelley
>
> {code}POST 
> https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/token{code}
> with an invalid authentication body results in a 400 bad request
> likewise:
> {code}PUT 
> https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/users/{username}/password{code}
> with an invalid 'old password' results in a 400 bad request.
> Suggest that both return a 401 unauthorized instead? Discussion may be 
> required.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)