A 403 in the API had a very specific meaning, and when the proxy layer started returning 403s everyone had a really bad time.
(That was a long day)
And that meaning wasn't "you are authenticated as a user that can not access this resource"?
Because of the middle layer sending a 403 instead of the API, clients would request refresh tokens in an infinite loop.