httpstatuses/contents/codes/401.md
2015-11-07 05:45:46 +00:00

29 lines
1.1 KiB
Markdown

---
set: 4
code: 401
title: Unauthorized
references:
"Rails HTTP Status Symbol": ":unauthorized"
---
The 401 Unauthorized status code indicates that the request has not been
applied because it lacks valid authentication credentials for the target
resource.
The server generating a 401 response MUST send a WWW-Authenticate header field
([RFC7235 Section 4.1][2]) containing at least one challenge applicable to the
target resource.
If the request included authentication credentials, then the 401 response
indicates that authorization has been refused for those credentials. The user
agent MAY repeat the request with a new or replaced Authorization header field
([RFC7235 Section 4.2][3]). If the 401 response contains the same challenge as
the prior response, and the user agent has already attempted authentication at
least once, then the user agent SHOULD present the enclosed representation to
the user, since it usually contains relevant diagnostic information.
Source: [RFC7235 Section 3.1][1]
[1]: <http://tools.ietf.org/html/rfc7235#section-3.1>
[2]: <http://tools.ietf.org/html/rfc7235#section-4.1>
[3]: <http://tools.ietf.org/html/rfc7235#section-4.2>