When credentials fail authentication, Spring Security conventionally throws BadCredentialsException
.
OneTimeTokenAuthenticationProvider
should catch UsernameNotFoundException
, wrap it, and rethrow as BadCredentialsException
.
Comment From: jzheaux
Closed in favor of https://github.com/spring-projects/spring-security/pull/16506