docs/8.0/ayanova/docs/api-error-codes.md

@@ -16,6 +16,7 @@ Here are all the API level error codes that can be returned by the API server:
 | 2003 | Authentication failed (HTTP STATUS 401), bad login or password, user not found |
 | 2004 | Not authorized (HTTP STATUS 403) - current user is not authorized for operation attempted on the resource (insufficient rights) |
 | 2005 | Object was changed by another user since retrieval (concurrency token mismatch).  A record was attempted to be saved but another user has just modified it so it's invalid. (first save "wins") |
+| 2006 | Authentication token replaced - A valid JWT token was presented, but it has been replaced by a more recent login |
 | 2010 | Object not found - API could not find the object requested |
 | 2020 | PUT Id mismatch - object Id does not match route Id |
 | 2030 | Invalid operation - operation could not be completed, not valid, details in message property |

server/AyaNova/Startup.cs

@@ -398,11 +398,11 @@ namespace AyaNova
                     context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
 
                     //CHECK JWT
-                    if (u.currentAuthToken != JWT)
+                    if (!context.Request.Path.Value.EndsWith("/Auth") && u.currentAuthToken != JWT)//except "/api/v8/Auth" so user can login  May need other routes later?
                     {
                         context.Response.StatusCode = 401;
-                        context.Response.Headers.Add("X-AyaNova-Authorization-Error", "Authorization token was replaced by more recent login");
+                        context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2006 - Authorization token replaced by more recent login");
-                        await context.Response.WriteAsync("Authorization token was replaced by more recent login");
+                        await context.Response.WriteAsync("E2006 - Authorization token replaced by more recent login");
                     }
                     else
                     {