Pan Wolodyjowsky

Reputation: 508

What HTTP status code to return when a user needs to be UNAUTHORIZED to access a page

I was wondering what HTTP status code I should return if a user that is authorized tries to access a page that should be accessible only by unauthorized users.

Currently I am just throwing a 404, but I was wondering if there is some common approach for this.

Upvotes: 0

Views: 510

Answers (1)

GameDevFox

Reputation: 26

HTTP Status Code 403 Forbidden can be used when a request isn't allowed based on the user's identification, so I guess it can be used in this case.

However, have you also considered sending back a Redirect (https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections) to send the user to a different resource that might be more appropriate because they are authenticated?

This is a common method used to redirect authenticated users away from login pages to their home screens or profile page.

Also, for future reference, I think you might be referring to autheNtication (with an N, the process of verifying a user's identity) instead of authoriZation (with a Z, the process of determining whether an authenticated user has access to a particular resource).

https://www.okta.com/identity-101/authentication-vs-authorization/

Upvotes: 1
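The two options from the answer above, as an added example that is not part of the original answer: a guest-only WSGI handler that redirects signed-in users on GET and returns 403 for other methods. It goes one step beyond the answer by restricting the redirect target to local paths; the `app.user` environ key, the `/home` landing page and the `next` query parameter are assumptions made for illustration.

```python
from urllib.parse import parse_qs

HOME = "/home"  # assumed landing page for signed-in users

def safe_next(target, default=HOME):
    """Accept only a local absolute path; anything else falls back to default."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return default  # absolute URLs and scheme-relative //host are rejected
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return default  # some browsers treat "\" as "/"; control chars are never valid
    return target

def guest_only(environ, start_response):
    """WSGI app for a guest-only page such as a login form."""
    # Assumption: session middleware stores the signed-in user under "app.user".
    authenticated = bool(environ.get("app.user"))
    if not authenticated:
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"login form"]
    if environ["REQUEST_METHOD"] in ("GET", "HEAD"):
        # Signed-in user browsing to the page: send them somewhere useful.
        nxt = parse_qs(environ.get("QUERY_STRING", "")).get("next", [""])[0]
        start_response("302 Found", [("Location", safe_next(nxt))])
        return [b""]
    # Signed-in user submitting to a guest-only endpoint: refuse the request.
    start_response("403 Forbidden", [("Content-Type", "text/plain")])
    return [b"already signed in"]

def respond(method, user=None, query=""):
    """Drive the app once with a constructed request; return (status, Location)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query, "app.user": user}
    guest_only(environ, start_response)
    return seen["status"], seen["headers"].get("Location")

if __name__ == "__main__":
    print(respond("GET"))                                        # guest
    print(respond("GET", user="alice", query="next=/profile"))   # signed in
    print(respond("POST", user="alice"))                         # signed in, POST
```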
