Flows Auth
[1] Request Flow
/ 401 Unauthorized with correct message (nonexistent user / wrong password)
Client -> Gateway -> IDM (login, forward request)
{
"user": "test",
"pass": "test"
}
[2] IDM login flow
User exists?
  no: Return 401 with a body that states that the given username does not exist
  yes: Grab password hash associated to user
       Check given password against stored password hash
       Is the password correct?
         yes: Create a JWS with the according claims and return it to the user
         no: Return 401 with a body that states that the password is wrong
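
The [2] IDM login flow written out in Python, as an added example that is not code from the original document. Assumptions, none of which the diagram specifies: PBKDF2-HMAC-SHA256 password hashing, an HS256-signed compact JWS, the sub/iat/exp claims, the 200 success status, and the response field names. The two 401 bodies differ as the diagram requires, which tells a caller whether a given username exists.

```python
import base64, hashlib, hmac, json, os, time

SIGNING_KEY = os.urandom(32)  # assumption: HS256 key held by the IDM

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user store: username -> (salt, password hash)
_salt = os.urandom(16)
USERS = {"test": (_salt, hash_password("test", _salt))}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def create_jws(claims):
    """Build a compact JWS (header.payload.signature) signed with HMAC-SHA256."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_jws(token):
    """Return the claims if the signature is valid, else None (expiry not checked)."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected).encode(), sig.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def idm_login(body):
    """Follow the [2] IDM login flow; returns (status, response body)."""
    user, password = body.get("user"), body.get("pass")
    record = USERS.get(user) if isinstance(user, str) else None
    if record is None:                                   # User exists? -> no
        return 401, {"error": "username does not exist"}
    salt, stored_hash = record                           # hash associated to user
    given = hash_password(password, salt) if isinstance(password, str) else b""
    if not hmac.compare_digest(given, stored_hash):      # password correct? -> no
        return 401, {"error": "password is wrong"}
    now = int(time.time())
    claims = {"sub": user, "iat": now, "exp": now + 900}  # illustrative claims
    return 200, {"token": create_jws(claims)}
```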