“The request requires user authentication. RFC 2616 Hypertext Transfer Protocol: 10.4.2 401 Unauthorized It’s clear from the description and other supporting texts that 401 is about authentication. There is essentially no recourse (other than requesting access somehow).īut isn’t “401 Unauthorized” about authorization, not authentication?īack when the HTTP spec (RFC 2616) was written, the two words may not have been as widely understood to be distinct. User experience: Tell user that this information is private. User Experience: Tell user that this information not available.ĥ) Authentication good, but access not allowed. If trying to “log in”: credentials are not valid User experience: If”logged in”: User should be “logged out”. User Experience: User should log in order to access this resource. Just the 4xx scenarios and how to handle themĢ) Access restricted to authenticated clients.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |