If the authentication fails for the original caller (not failing authentication of the calling service, in which case we return 401), we return a 200, but with null principal and an error message
Optional principal
principal:model.Principal
The original caller's resolved principal object if the authentication succeeds, null otherwise.
If the authentication fails for the original caller (not failing authentication of the calling service, in which case we return 401), we return a 200, but with null principal and an error message