Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • concrexit concrexit
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 70
    • Issues 70
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 10
    • Merge requests 10
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • thalia
  • concrexitconcrexit
  • Issues
  • #959

Closed
Open
Created Nov 06, 2019 by Gijs Hendriksen@ghendriksenContributor

API authentication returns 400 when providing the wrong credentials

One-sentence description

The API /token-auth/ returns a 400 status code when the user passed incorrect credentials, which makes it unclear why the request was denied.

Why?

To make use of the correct HTTP status code, which could clarify the reason an authentication request was denied.

Current implementation

/token-auth/ returns a 400 when providing incorrect credentials

Suggested implementation

/token-auth/ returns a 401(?) when providing incorrect credentials

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking