If the auth tag doesn't contain the previx 'user-', it isn't a valid tag and the login request is malformed, so I'm not sure I agree that it should return 'invalid entity name or password'?
Others may have a different opinion, so I'll ask.
If the auth tag doesn't contain the previx 'user-', it isn't a valid tag and the login request is malformed, so I'm not sure I agree that it should return 'invalid entity name or password'?
Others may have a different opinion, so I'll ask.