Should we add logic to return 401 here for FAILED case? #8720
bradfordChiang
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
keycloak/adapters/oidc/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/tomcat/AbstractKeycloakAuthenticatorValve.java
Line 204 in a4c4c00
Should we add logic to return 401 here for FAILED case? I mean doesn't need to do that challenge logic which would set the response code to 403 even if the bearer token is invalid.
Beta Was this translation helpful? Give feedback.
All reactions