1 vote
I have spent the better part of 2 days troubleshooting an issue where I could not retrieve users or vaults on a server while these queries worked on another one. Eventually I found out the Application Identity I used had IP restrictions implemented.
When running the following to authenticate I got the following response (I used the -AsLegacyResponse to get more feedback during testing).
PS> New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication -AsLegacyResponse
DetailedErrorMessage ErrorMessage IsSuccess Result
-------------------- ------------ --------- ------
                                       True Success
Though in fact I was not authenticated due to the IP restriction. Performing a follow-up query thus yielded the following result.
PS> Get-DSVault -All -AsLegacyResponse
DetailedErrorMessage ErrorMessage IsSuccess Result
-------------------- ------------ --------- ------
                                      False WebApiRedirectToLogin
After finally finding the solution for my issue, I noticed I actually got a faint hint about not being authenticated when using verbose logging.
Without IP restrictions in place the following will happen.
PS> New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication -Verbose -AsLegacyResponse
VERBOSE: [New-DSSession] Beginning...
VERBOSE: [New-DSSession] Server version: 2025.3.5.0
VERBOSE: [New-DSSession] Authenticating as <redacted>
VERBOSE: [New-DSSession] Login as an application
VERBOSE: [New-DSSession] End
With IP restrictions the following will.
PS> New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication -Verbose -AsLegacyResponse
VERBOSE: [New-DSSession] Beginning...
VERBOSE: [New-DSSession] Server version: 2025.3.5.0
VERBOSE: [New-DSSession] Authenticating as <redacted>

VERBOSE: [New-DSSession] End
As you can see there is an empty line in the second response, which is the only indication authentication actually failed.
While troubleshooting I have also checked $global:DSSessionToken to see if I was authenticated. This variable has been filled even when failing to authenticate.
Could you add better feedback about failing the authentication? There is no need to hint towards IP restrictions, so as to not give attackers a clue. But at least let me know authentication has failed, since now I have been looking into the DSSessionToken not being passed on to subsequent requests.
Also please don't fill the DSSessionToken if there is no session.
Hello @reinleen,
We've opened a ticket to better indicate when there's an authentication failure with this cmdlet. We'll keep you updated.
Best regards,
Christian
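Until the cmdlet reports failures itself, a script can fail closed by probing the session before trusting it. The following is an added example based on the behaviour reported in this thread, not code from Devolutions or from either poster; Connect-DSVerified is a hypothetical helper name, and it assumes the application identity is normally allowed to list vaults.

```powershell
# Added example: fail-closed wrapper around New-DSSession.
# Connect-DSVerified is a hypothetical name, not part of the Devolutions module.
function Connect-DSVerified {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $BaseUri,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # As reported above, this call can return IsSuccess = True even when the
    # application identity was rejected (here: by an IP restriction).
    $login = New-DSSession -BaseUri $BaseUri -Credential $Credential -AsApplication -AsLegacyResponse
    if (-not $login.IsSuccess) {
        throw "New-DSSession failed: $($login.ErrorMessage)"
    }

    # $global:DSSessionToken was filled in both the working and the failing case,
    # so it is not used as evidence. Only an authenticated follow-up call counts.
    $probe = Get-DSVault -All -AsLegacyResponse
    if (-not $probe.IsSuccess) {
        # WebApiRedirectToLogin was the Result seen for the unauthenticated session.
        throw "Session is not authenticated after New-DSSession (Result: $($probe.Result); Error: $($probe.ErrorMessage))"
    }

    # Return the probe response so the caller can reuse the vault list.
    return $probe
}

# Usage: $Uri and $Credential are assumed to be set by the caller, as in the post.
try {
    $vaults = Connect-DSVerified -BaseUri $Uri -Credential $Credential
}
catch {
    # Stop before any further queries run against a session that does not exist.
    Write-Error $_
    exit 1
}
```

A probe failure here can also mean the identity lacks permission to list vaults, so the thrown message includes the Result value to tell the two cases apart.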