Detect failed logins

We get a 200 even if the login failed for a bad password or because the server pushed back. We're explicitly checking for not having login keys, but it would be good to extract an error (from somewhere? I assume it's somewhere in the request?) and return it to the user.
