2015-11-06 21:39:33 +01:00
|
|
|
---
|
|
|
|
|
set: 4
|
|
|
|
|
code: 401
|
|
|
|
|
title: Unauthorized
|
2015-11-07 05:34:40 +01:00
|
|
|
references:
|
|
|
|
|
"Rails HTTP Status Symbol": ":unauthorized"
|
2016-01-27 23:08:33 +01:00
|
|
|
"Go HTTP Status Constant": "http.StatusUnauthorized"
|
2015-11-06 21:39:33 +01:00
|
|
|
---
|
|
|
|
|
|
2015-11-09 02:44:05 +01:00
|
|
|
The request has not been applied because it lacks valid authentication
|
|
|
|
|
credentials for the target resource.
|
2015-11-07 06:45:46 +01:00
|
|
|
|
2015-11-09 02:44:05 +01:00
|
|
|
The server generating a 401 response MUST send a WWW-Authenticate header
|
|
|
|
|
field<sup>[1](#ref-1)</sup> containing at least one challenge applicable to the
|
2015-11-07 06:45:46 +01:00
|
|
|
target resource.
|
2015-11-07 05:34:40 +01:00
|
|
|
|
|
|
|
|
If the request included authentication credentials, then the 401 response
|
|
|
|
|
indicates that authorization has been refused for those credentials. The user
|
2015-11-09 02:44:05 +01:00
|
|
|
agent MAY repeat the request with a new or replaced Authorization header
|
|
|
|
|
field<sup>[2](#ref-2)</sup>. If the 401 response contains the same challenge as
|
2015-11-07 05:34:40 +01:00
|
|
|
the prior response, and the user agent has already attempted authentication at
|
|
|
|
|
least once, then the user agent SHOULD present the enclosed representation to
|
|
|
|
|
the user, since it usually contains relevant diagnostic information.
|
|
|
|
|
|
2015-11-09 02:44:05 +01:00
|
|
|
---
|
|
|
|
|
|
|
|
|
|
* <span id="ref-1"><sup>1</sup> WWW-Authenticate [RFC7235 Section 4.1][2]</span>
|
|
|
|
|
* <span id="ref-2"><sup>2</sup> Authorization [RFC7235 Section 4.2][3]</span>
|
|
|
|
|
* Source: [RFC7235 Section 3.1][1]
|
2015-11-07 05:34:40 +01:00
|
|
|
|
|
|
|
|
[1]: <http://tools.ietf.org/html/rfc7235#section-3.1>
|
|
|
|
|
[2]: <http://tools.ietf.org/html/rfc7235#section-4.1>
|
2016-01-27 23:08:33 +01:00
|
|
|
[3]: <http://tools.ietf.org/html/rfc7235#section-4.2>
|
