Making a PATCH/update to a security group and trying to add a user that already exists results in an 500 Internal Server Error. My hope would be to get a better error code if the user already exists, rather than a generic Internal Server Error code.
Example with curl:
1. Verify group does not exist:
2. Create group "Texas"
3. Verify group exists, but with no members:
4. Add user "firstname.lastname@example.org" to group:
5. Verify user exists:
6. Attempt to add user again and get error: