API authentication returns 400 when providing the wrong credentials
One-sentence description
The API /token-auth/ returns a 400 status code when the user passed incorrect credentials, which makes it unclear why the request was denied.
Why?
To make use of the correct HTTP status code, which could clarify the reason an authentication request was denied.
Current implementation
/token-auth/ returns a 400 when providing incorrect credentials
Suggested implementation
/token-auth/ returns a 401(?) when providing incorrect credentials
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information