-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login error responses #47
Comments
Your description sounds accurate to the current API, but I am not sure it's optimal. I will do some research. Ideally, the response would be the correct status code for a non-existent user. |
Hi, @jamiefolsom! This is actually similar to #48. It may be optimal to get back json-encoded messages we can act on for consistency? Thanks! |
Hi @circa1977 OK, so I'm not sure I know what the status of this is now -- are we sticking with status code only responses, no payload, just changing which ones are returned? For example, it doesn't seem right to return 500 for a routine, correct request, IMHO. Thanks. |
Hi @jamiefolsom - Per #48, I think:
|
Hi @circa1977 I wasn't clear, sorry; I can figure out which codes to return, and document those for you, but I want to be sure before I make changes that you're in agreement with the API returning payload-free status-code-only responses to all requests that warrant them (e.g. for signups attempting to create accounts with an already-used email, or for login attempts where the email doesn't exist or for login attempts with existing email, wrong password). Just above my question from this morning, it appeared to still be an open question whether your front end needed our API to return a JSON payload in all cases. I think I am belaboring something that we are beyond now, but I don't want to make assumptions. Thanks! |
Hi, @jamiefolsom! I appreciate the confirmation. Either way, we're going to have to create a function that will parse the response, so I'm on board with the status code approach. We have plenty of examples of parsing those in JavaScript/jQuery, so -- barring any unforeseen issues -- we should be fine to make that work and stick with a true RESTful implementation. |
@circa1977 This is now in PR #52.
The error payloads are not necessary if they complicate things, but since the 200 response does require a payload (the authentication token) I kept them in for now. I can retool this if there's a better approach. |
Hi, Jamie!
Can you confirm that for the /tokens (login) endpoint, we should act on the following:
500 internal server error
403 Forbidden
errorI just want to be sure we're acting on those rather than explicit errors in a returned JSON packet. We're seeing those as server errors from the Ajax call.
One consideration: If there was an actual application/server error, those error values might trigger false errors to the user. I.e., getting a 500 error from the server and saying "Your email address was not found," when the user had actually registered and used the correct address.
Thanks!
Mark
The text was updated successfully, but these errors were encountered: