Authentication error responses
What's the best way for an ASP.NET Core Web API to send authentication error responses to a frontend, so it's clear for users but still secure?
Should I share more detailed information with the frontend, like: incorrect password, user already exists, etc.,
or should I send a more general error response like: Registration failed due to invalid input?
3 Replies
normally you'd never share details. stuff like "user already exists" means they now know a valid username
"incorrect password" does the same thing
I understand, so it is better to respond with a general error message like: Registration failed due to invalid input?
Generally, yes
If it's just that the password didn't match your criteria for complexity, then write that out, though
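
Added example, not part of the original thread: a minimal ASP.NET Core API that follows the advice above, returning one generic message for account-related failures while still naming a failed password-complexity rule. The route names, the in-memory user store, the 12-character rule and the message texts are assumptions made for illustration.

```csharp
// Added example (not from the thread). Routes, the in-memory store, the
// 12-character rule and the message texts are illustrative assumptions.
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Identity;

var app = WebApplication.CreateBuilder(args).Build();
var hasher = new PasswordHasher<string>();
// username -> password hash
var users = new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
// Hash of a throwaway value, verified when the username is unknown so that
// both failure paths do comparable work.
var dummyHash = hasher.HashPassword("", Guid.NewGuid().ToString());

app.MapPost("/register", (Credentials c) =>
{
    // Complexity rules are public policy, so naming the failed rule
    // reveals nothing about which accounts exist.
    if (string.IsNullOrEmpty(c.Password) || c.Password.Length < 12)
        return Results.BadRequest(new { error = "Password must be at least 12 characters." });

    // Username missing or already taken: the same generic answer either way.
    if (string.IsNullOrWhiteSpace(c.Username) ||
        !users.TryAdd(c.Username, hasher.HashPassword(c.Username, c.Password)))
        return Results.BadRequest(new { error = "Registration failed due to invalid input." });

    return Results.Ok();
});

app.MapPost("/login", (Credentials c) =>
{
    var name = c.Username ?? "";
    var known = users.TryGetValue(name, out var hash);
    var ok = hasher.VerifyHashedPassword(name, known ? hash! : dummyHash, c.Password ?? "")
             != PasswordVerificationResult.Failed;

    // Unknown user and wrong password produce an identical response.
    return known && ok
        ? Results.Ok()
        : Results.Json(new { error = "Invalid username or password." }, statusCode: 401);
});

app.Run();

record Credentials(string? Username, string? Password);
```

The specific reason for a failure can still be written to the server-side log for support and detection purposes; only the response body stays generic.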