We have a basic IdentityServer implementation using ClientCredentials. When a token is requested with an invalid secret, we're receiving an invalid_client error with a 400 BadRequest status. What is the best way to override this response and return a 401 Unauthorized? We have a remote device accessing our API which expects a 401 for authentication errors.

Kim

1 Answer

One option is to work with another project that works as a facade in the middle, connects to the /connect/token methods and then gives a different response with a 401. Here are some links: https://microservices.io/patterns/apigateway.html and "How to setup a Web API Facade pattern".

dportman
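
The facade this answer describes, as an added ASP.NET Core example (not code from the answer or from IdentityServer): it forwards the token request to /connect/token and turns a 400 `invalid_client` into a 401, which RFC 6749 section 5.2 permits. The `/token` route, the `idsrv` client name and the `IdentityServer:BaseUrl` setting are assumptions.

```csharp
// Added example, not the answerer's code. Assumes the ASP.NET Core Web SDK
// (implicit usings) and a hypothetical "IdentityServer:BaseUrl" setting.
using System.Net;
using System.Text.Json;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpClient("idsrv", c => c.BaseAddress =
    new Uri(builder.Configuration["IdentityServer:BaseUrl"] ?? "https://localhost:5001"));
var app = builder.Build();

// The device posts here instead of calling /connect/token directly.
app.MapPost("/token", async (HttpContext ctx, IHttpClientFactory factory) =>
{
    if (!ctx.Request.HasFormContentType) { ctx.Response.StatusCode = 400; return; }
    // Forward the form and any Authorization header unchanged; never log them,
    // they carry the client secret.
    var form = await ctx.Request.ReadFormAsync();
    using var upstreamReq = new HttpRequestMessage(HttpMethod.Post, "connect/token")
    {
        Content = new FormUrlEncodedContent(form.Select(f =>
            new KeyValuePair<string, string>(f.Key, f.Value.ToString())))
    };
    if (ctx.Request.Headers.TryGetValue("Authorization", out var auth))
        upstreamReq.Headers.TryAddWithoutValidation("Authorization", auth.ToString());
    using var upstream = await factory.CreateClient("idsrv").SendAsync(upstreamReq);
    var body = await upstream.Content.ReadAsStringAsync();
    // Remap only 400 + invalid_client; other token errors keep their status.
    var remap = upstream.StatusCode == HttpStatusCode.BadRequest && IsInvalidClient(body);
    ctx.Response.StatusCode = remap ? StatusCodes.Status401Unauthorized : (int)upstream.StatusCode;
    if (remap) ctx.Response.Headers["WWW-Authenticate"] = "Basic realm=\"token\"";
    ctx.Response.Headers["Cache-Control"] = "no-store";
    ctx.Response.ContentType = "application/json";
    await ctx.Response.WriteAsync(body);
});

app.Run();

static bool IsInvalidClient(string json)
{
    try
    {
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.ValueKind == JsonValueKind.Object
            && doc.RootElement.TryGetProperty("error", out var err)
            && err.ValueKind == JsonValueKind.String
            && err.GetString() == "invalid_client";
    }
    catch (JsonException) { return false; }
}
```

Because the facade sees every client secret in transit, it needs the same TLS and access controls as the token endpoint itself.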