      Description

      Reminder:

      401 basically means that you need to authenticate first and that with a correct authentication, the request might be accepted.

      403 means that the current user does not have access to the resource and it's useless to retry the request.

      In short, 401 is for authentication issues, 403 is for access issues.

      Ref: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

      Unfortunately, our REST API mostly uses 401 instead of 403 and sometimes uses both wrongly.
      Example: https://github.com/ezsystems/ezpublish-kernel/blob/master/doc/specifications/rest/REST-API-V2.rst#untrash-item

      As a result, in the current state, it's close to impossible to correctly handle authentication, access and "normal" errors.
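
      An added example, not part of the original report or of the eZ Publish code: a client-side handler built on the 401/403 distinction described above, run against a constructed server that answers correctly and one that answers 401 for an access problem. The names `classify`, `handle`, `send` and `login` are hypothetical.

```javascript
// Added example; classify, handle, send and login are hypothetical names,
// not part of the eZ Publish REST API or its clients.

// Map a status code to the action a client should take.
function classify(status) {
  if (status === 401) return "authenticate"; // credentials missing or invalid: log in, retry
  if (status === 403) return "forbidden";    // authenticated but not allowed: retrying is useless
  if (status >= 400) return "error";         // any other client or server error
  return "ok";
}

// send(session) returns {status}; login() returns a fresh session.
// Both are injected so the example runs offline.
function handle(send, login, session) {
  let logins = 0;
  let res = send(session);
  // Retry exactly once after a 401. A second 401 can only mean bad credentials.
  if (classify(res.status) === "authenticate") {
    session = login();
    logins += 1;
    res = send(session);
  }
  const outcome = classify(res.status);
  return { outcome: outcome === "authenticate" ? "login-failed" : outcome, logins };
}

// Constructed scenario: the user is valid but lacks the right to the resource.
const correctServer = (session) => ({ status: session ? 403 : 401 });
const misusingServer = () => ({ status: 401 }); // answers 401 for an access problem
const login = () => "session-1";

// Correct server: one login, then a clear "forbidden" the UI can report.
console.log(handle(correctServer, login, null));
// Misusing server: a valid session is thrown away, the user is logged in
// again for nothing, and the client reports a login failure instead of
// an access problem.
console.log(handle(misusingServer, login, "session-0"));
```
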

      People

      • Assignee: Unassigned
      • Reporter: Damien Pobel (Inactive)