httpstatuses/contents/codes/401.md

35 lines
1.4 KiB
Markdown
Raw Normal View History

2015-11-06 21:39:33 +01:00
---
set: 4
code: 401
title: Unauthorized
references:
"Rails HTTP Status Symbol": ":unauthorized"
2016-01-27 23:08:33 +01:00
"Go HTTP Status Constant": "http.StatusUnauthorized"
"Symfony HTTP Status Constant": "Response::HTTP_UNAUTHORIZED"
2015-11-06 21:39:33 +01:00
---
The request has not been applied because it lacks valid authentication
credentials for the target resource.
The server generating a 401 response MUST send a WWW-Authenticate header
field<sup>[1](#ref-1)</sup> containing at least one challenge applicable to the
target resource.
If the request included authentication credentials, then the 401 response
indicates that authorization has been refused for those credentials. The user
agent MAY repeat the request with a new or replaced Authorization header
field<sup>[2](#ref-2)</sup>. If the 401 response contains the same challenge as
the prior response, and the user agent has already attempted authentication at
least once, then the user agent SHOULD present the enclosed representation to
the user, since it usually contains relevant diagnostic information.
---
* <span id="ref-1"><sup>1</sup> WWW-Authenticate [RFC7235 Section 4.1][2]</span>
* <span id="ref-2"><sup>2</sup> Authorization [RFC7235 Section 4.2][3]</span>
* Source: [RFC7235 Section 3.1][1]
[1]: <http://tools.ietf.org/html/rfc7235#section-3.1>
[2]: <http://tools.ietf.org/html/rfc7235#section-4.1>
2016-01-27 23:08:33 +01:00
[3]: <http://tools.ietf.org/html/rfc7235#section-4.2>