authentication: Status Code 500 for failed stateless form authentication attempts

First of all, awesome job on this middleware. I’m using stateless API authentication with the Forms authenticator. When posting incorrect email/password:

the Authenticator throws an UnauthenticatedException (expected)
the Status Code is 500 (unexpected, I was expecting a 401 or similar)

Am I missing something here or is this intended behavior?

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 16 (7 by maintainers)

Commits related to this issue

Add 401 status code to unauthenticated errors Previously these responses would have 500 status code. Now they reflect a more reasonable status code. This is not a perfect solution as the 401 status c... — committed to cakephp/authentication by markstory 6 years ago

Most upvoted comments

Neat middleware deserves neat comments

+1

bravo-kernel on Sep 13, 2018

Read more comments on GitHub

← authentication: SessionAuthenticator `'identify' => true` config does not work

cakephp: Implement a more specific exception structure →