Total compatibility as API endpoint

[frederikhors]

Issue opened for the creation of a wiki page that summarizes the doubts and problems for newbies (#210).

---

I read #234 (comment) but I think this should be in our backlog.

Authboss is amazing and for people like me who are using it as an endpoint for JSON-API requests it's important to handle:

• incorrect requests return status code 200 #234, incorrect requests return status code 200 in case of a faulty request (like wrong credentials or invalid recovery token). It's extremely important also because Chrome (for example) after the login POST request if the 200 status code is present shows popup for saving password ALSO if username/password are wrong!

• Message {"status":"success"} on GET call on /login endpoint? #248, user can get the message {"status":"success"} on GET calls on /login endpoint

• Is it possibile to use CorceRedirectTo200 in master? #251, handle renderer/redirector logic instead of CorceRedirectTo200 "solution"

[aarondl]

It's extremely important also because Chrome (for example) after the login POST request if the 200 status code is present shows popup for saving password ALSO if username/password are wrong!

Ah yea, that's a shame. Though it's not really that important. Why would a user save a username and password that is wrong? And why would they not have the credentials already saved from previously logging in if they use the Chrome password storage?

Anyway - we could potentially change this. We could add a config option to control the failure condition of redirects. We do know if its a failure, but we do not know what kind which is sort of the problem. Perhaps we could change the RedirectOptions struct to enable some more API-like options in V3.

[frederikhors]

Though it's not really that important. Why would a user save a username and password that is wrong?

Because the application is used by elderly people or people who have very little predisposition or experience with browsers and the web.

Anyway - we could potentially change this. We could add a config option to control the failure condition of redirects. We do know if its a failure, but we do not know what kind which is sort of the problem. Perhaps we could change the RedirectOptions struct to enable some more API-like options in V3.

Thank you. No hurry. Issue open for backlog.