---
set: 4
code: 401
title: Unauthorized
references:
    "Rails HTTP Status Symbol": ":unauthorized"
---

The 401 Unauthorized status code indicates that the request has not been
applied because it lacks valid authentication credentials for the target
resource.

The server generating a 401 response MUST send a WWW-Authenticate header field
([RFC7235 Section 4.1][2]) containing at least one challenge applicable to the
target resource.

If the request included authentication credentials, then the 401 response
indicates that authorization has been refused for those credentials. The user
agent MAY repeat the request with a new or replaced Authorization header field
([RFC7235 Section 4.2][3]). If the 401 response contains the same challenge as
the prior response, and the user agent has already attempted authentication at
least once, then the user agent SHOULD present the enclosed representation to
the user, since it usually contains relevant diagnostic information.

Source: [RFC7235 Section 3.1][1]

[1]: <http://tools.ietf.org/html/rfc7235#section-3.1>
[2]: <http://tools.ietf.org/html/rfc7235#section-4.1>
[3]: <http://tools.ietf.org/html/rfc7235#section-4.2>
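
The MUST above can be checked mechanically. The following is an added example, not part of the original page or of RFC 7235: it parses the challenge list of a WWW-Authenticate value (several challenges per field, quoted strings containing commas, token68 credentials) and reports 401 responses that carry no usable challenge. The names `split_list`, `parse_challenges` and `audit_401` are hypothetical, and quoted-string escapes are kept as written rather than unescaped.

```python
import re

# Added example: function names are hypothetical; grammar follows RFC 7235 Section 4.1.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PARAM = re.compile(rf'({TOKEN})\s*=\s*(?:"((?:[^"\\]|\\.)*)"|({TOKEN}))$')
SCHEME = re.compile(rf"({TOKEN})(?:\s+(.+))?$")
TOKEN68 = re.compile(r"[A-Za-z0-9._~+/-]+=*$")

def split_list(value):
    """Split a field value on commas that sit outside quoted strings."""
    parts, quoted, escaped = [""], False, False
    for ch in value:
        if ch == "," and not quoted:
            parts.append("")
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = quoted and ch == "\\" and not escaped
        parts[-1] += ch
    return [p.strip() for p in parts if p.strip()]

def parse_challenges(value):
    """Parse one WWW-Authenticate value into dicts: scheme, token68, params."""
    found = []
    for part in split_list(value):
        param, head = PARAM.match(part), SCHEME.match(part)
        if param and found:  # bare auth-param: belongs to the preceding challenge
            found[-1]["params"][param[1].lower()] = param[3] or param[2]
            continue
        rest = (head[2] or "").strip() if head else None
        first = PARAM.match(rest) if rest else None
        if rest is None or (rest and not first and not TOKEN68.match(rest)):
            raise ValueError(f"malformed challenge element: {part!r}")
        found.append({"scheme": head[1].lower(), "token68": None if first else rest or None,
                      "params": {first[1].lower(): first[3] or first[2]} if first else {}})
    return found

def audit_401(status, headers):
    """Findings for one response: status code plus (name, value) header pairs."""
    values = [v for k, v in headers if k.lower() == "www-authenticate"]
    if status != 401:
        return []
    if not values:
        return ["401 without a WWW-Authenticate header field"]
    try:
        challenges = [c for v in values for c in parse_challenges(v)]
    except ValueError as exc:
        return [f"401 with unparseable WWW-Authenticate: {exc}"]
    return [] if challenges else ["401 whose WWW-Authenticate holds no challenge"]
```

Run against the status and headers captured from each protected route in an integration test, an empty result means every 401 gave the client a challenge it can act on.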