Skip to content

Authorization errors to be specified in protocol documentation #41

Description

@moscicki

@dragotin: I think we should specify this to distinguish wrong credentials (a failed login due to wrong/expired user password) from accessing a resource without permissions with good credentials.

I guess:

  • for wrong credentials it is: 401 Unauthorized -- user may/will be asked to re-authenticate (password)
  • for good credentials but no permission it is: 403 Forbidden -- user won't be asked to reauthenticate.

Is this correct?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions