Return bad request instead of unauthorized

openapi.yml

@@ -18,6 +18,10 @@ servers:
 tags:
   - name: hello
     description: ""
+  - name: token
+    description: ""
+  - name: signing-request
+    description: ""
 
 paths:
   /hello:
@@ -51,6 +55,12 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/CreateSessionResponse"
+        400:
+          description: "Couldn't process request"
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
 
 components:
   schemas:

src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java

@@ -63,8 +63,8 @@ public class JwtRequestFilter extends OncePerRequestFilter {
             filterChain.doFilter(request, response);
         } catch (Exception e) {
             response.setContentType("application/json");
-            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            response.setStatus(HttpStatus.BAD_REQUEST.value());
-            response.getWriter().write(objectMapper.writeValueAsString(new ErrorResponse("Couldn't authenticate", HttpStatus.UNAUTHORIZED.value())));
+            response.getWriter().write(objectMapper.writeValueAsString(new ErrorResponse("Couldn't authenticate", HttpStatus.BAD_REQUEST.value())));
         }
     }