We can keep 503.
But we can let user to know the error reason ASAP instead of guess, do you agree?
As a end user:
1. How do you know that the user/pass is wrong from the return response message?
"503 Service Unavailable" is meaningless to user.
"The server is currently unavailable. Please try again at a later time" is also misleading.
2. as you mentioned, developer knows ksa_exceptions.Unauthorized can be 401/403 (maybe 404).
IMHO He can do some improvement, for example classifies these exceptions(401/403).
Instead return the uniform msg as the code show.
msg = _('Identity server rejected authorization necessary to ' 'fetch token data')
raise ksm_exceptions.ServiceError(msg)
The restful response also swallowed the above msg.
Hi Jamie Lennox:
We can keep 503.
But we can let user to know the error reason ASAP instead of guess, do you agree?
As a end user:
1. How do you know that the user/pass is wrong from the return response message?
"503 Service Unavailable" is meaningless to user.
"The server is currently unavailable. Please try again at a later time" is also misleading.
2. as you mentioned, developer knows ksa_exceptions. Unauthorized can be 401/403 (maybe 404). 401/403) .
IMHO He can do some improvement, for example classifies these exceptions(
Instead return the uniform msg as the code show.
msg = _('Identity server rejected authorization necessary to '
' fetch token data') ServiceError( msg)
raise ksm_exceptions.
The restful response also swallowed the above msg.