There are failed authentication scenarios that are unclear to the user #63

@oliverheywood451

Does it make sense to provide a more helpful error message in these scenarios? Is it a security concern to expose these errors? (Sometimes verbose auth errors can reveal too much and aid a brute force discovery of secrets.)

  1. You may be missing an OrderCloud setting in middleware. Please set a breakpoint here, and start your server. Confirm ApiUrl, MiddlewareClientID, and MiddlewareClientSecret are all defined.

  2. Your API client may not have an admin user as the default context user. Check your API client and confirm the username associated with the API client is an admin user, and that admin user has FullAccess assigned to him. If you went through the seeding process this should be done for you automatically.

  3. You are calling the middleware with a token that doesn't match the marketplace for which middleware is set up. Confirm that the clientID encoded in the token belongs to the same marketplace as the MiddlewareClientID.
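
An added example, not part of the original issue or the project's code: one way to handle the three scenarios so that the specific cause is logged server-side under a reference ID while the caller receives only a generic error. The `cid` claim name, the `is_admin`/`roles` fields, the `CLIENT_MARKETPLACE` lookup and all sample values are assumptions made for illustration.

```python
import base64, json, logging, uuid

log = logging.getLogger("middleware.auth")
REQUIRED = ("ApiUrl", "MiddlewareClientID", "MiddlewareClientSecret")  # names from the issue
# Constructed sample data: which marketplace each API client belongs to (hypothetical lookup).
CLIENT_MARKETPLACE = {"MW-CLIENT": "mkt-a", "STOREFRONT": "mkt-a", "OTHER": "mkt-b"}

def sample_token(client_id):
    """Build an unsigned, constructed JWT-shaped token; the 'cid' claim name is an assumption."""
    body = base64.urlsafe_b64encode(json.dumps({"cid": client_id}).encode()).decode().rstrip("=")
    return "e30." + body + ".sig"

def token_client_id(token):
    """Read the client ID from the token payload. No signature check: diagnosis only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("cid")

def diagnose(settings, context_user, token):
    """Return an internal reason code for the three scenarios in the issue, or None."""
    missing = [k for k in REQUIRED if not settings.get(k)]
    if missing:
        return "missing_setting:" + ",".join(missing)  # setting names only, never values
    if not context_user or not context_user.get("is_admin") \
            or "FullAccess" not in context_user.get("roles", ()):
        return "context_user_not_full_access_admin"
    try:
        token_mkt = CLIENT_MARKETPLACE.get(token_client_id(token))
    except (AttributeError, IndexError, TypeError, ValueError):
        return "token_unreadable"
    if token_mkt is None or token_mkt != CLIENT_MARKETPLACE.get(settings["MiddlewareClientID"]):
        return "token_marketplace_mismatch"
    return None

def auth_failure_response(settings, context_user, token):
    """Log the specific cause server-side; give the caller only a generic error and a reference."""
    reason = diagnose(settings, context_user, token)
    if reason is None:
        return None
    ref = uuid.uuid4().hex
    log.warning("auth failure ref=%s reason=%s", ref, reason)
    return {"status": 401, "error": "Authentication failed", "ref": ref}
```

A developer who hits the generic 401 can search the middleware log for the returned `ref` to see which of the three causes applied.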
