Why should an auth request for a user against a disabled tenant be successful in any case?
In the auth request, we do pass the tenant name, and if that tenant is disabled, the auth should be denied.
So, essentially I feel the HTTP response code should be sent accordingly.
Hi Joseph,
Why should an auth request for a user against a disabled tenant be successful in any case?
In the auth request, we do pass the tenant name, and if that tenant is disabled, the auth should be denied.
So, essentially I feel the HTTP response code should be sent accordingly.