Whether incorrect username or incorrect password I get the same 401 error and ‘unable to sign in’ message. I am looking for a way to do a redirect to another url if the username does not exist and stay if password entered incorrectly, I understand the reasons for not telling the end user which is incorrect as it would give malicious parties confirmation when they would try to breach accounts
As you sort of guessed, for user enumeration protection, our APIs do not return information about whether or not a given username exists in an Okta org.