Merge pull request #39408 from liggitt/invalid-token-401
Automatic merge from submit-queue
Ensure invalid token returns 401 error, not 403
fixes #39267
If a user attempts to use a bearer token, and the token is rejected, the authenticator should return an error. This distinguishes requests that did not provide a bearer token (and are unauthenticated without error) from ones that attempted to, and failed.
Showing
Please
register
or
sign in
to comment