Interesting! So in the case the front end relies on 401 (for example when fetching a refresh token) do you then hide some clues in the response so that the front end will know when to fetch another refresh token ?
Web Dev full-stack [LAMP] since 2005, but much heavier on the JS stuff these days.
Jack of all Stacks, Master of some.
Always looking to learn new things. Always glad to help out, just ask.
Location
Atlanta, GA
Education
B.S. in Biochemistry 2004, M.S. in Computer Information Systems 2007
In that case you could just add a value to the object like "message":"nogo" and use that to determine it, but since all failed responses return the same message it throws a potential hacker off the scent since there's nothing useful to it.
Interesting! So in the case the front end relies on 401 (for example when fetching a refresh token) do you then hide some clues in the response so that the front end will know when to fetch another refresh token ?
In that case you could just add a value to the object like "message":"nogo" and use that to determine it, but since all failed responses return the same message it throws a potential hacker off the scent since there's nothing useful to it.
neat! thanks for the tips! :)