Details
-
Sub-task
-
Resolution: None
-
High
-
None
-
None
-
None
-
None
Description
Behaviour:
- whatever happens, we rely on the Public API's permission exceptions as well as on the REST API's conversion of those to HTTP error code. Permission denied => Permission denied
- if no credentials are sent, user is anonymous
- if credentials are set, the provided credentials are tried and used.
Again, how do we reply to bad credentials ?