
HTTP status for "email not verified"


I have seen the list of all HTTP status codes. However, to me it looks like there is no code for "email not verified" (used for authentication/authorization). Did you ever have the same "problem"? What HTTP status code did you use?

I guess it should be a code starting with a 4 as it's a "client error".

asked Mar 29 '16 11:03

mosquito87



1 Answer

The 4xx class of status code is intended for situations in which the client seems to have erred:

6.5. Client Error 4xx

The 4xx (Client Error) class of status code indicates that the client seems to have erred. Except when responding to a HEAD request, the server SHOULD send a representation containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents SHOULD display any included representation to the user.

For authentication and authorization, 401 and 403 are the proper status codes to be used, respectively. Regardless of the status code, you should always describe the reason for the error in the response payload.

401 Unauthorized

Use this status code for problems with HTTP authentication, that is, invalid credentials.

3.1. 401 Unauthorized

The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.

If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user agent SHOULD present the enclosed representation to the user, since it usually contains relevant diagnostic information.

403 Forbidden

Use this status code for problems with authorization, that is, the credentials are valid but they are insufficient to grant access.

6.5.3. 403 Forbidden

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials. [...]

answered Sep 27 '22 20:09

cassiomolin
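
The 401/403 split described in the answer above, applied to the "email not verified" case, as an added example that is not part of the original answer. It assumes HTTP Basic authentication; the `USERS` store, the `authorize` and `app` names, and the JSON error codes are hypothetical.

```python
import base64, hashlib, hmac, json

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts (assumption): bob has not confirmed his email.
USERS = {
    "alice": {"pw_hash": _hash("s3cret"), "email_verified": True},
    "bob": {"pw_hash": _hash("hunter2"), "email_verified": False},
}
CHALLENGE = ("WWW-Authenticate", 'Basic realm="api", charset="UTF-8"')

def _reply(status, body, *extra_headers):
    payload = json.dumps(body).encode()
    headers = [("Content-Type", "application/json"),
               ("Content-Length", str(len(payload))), *extra_headers]
    return status, headers, payload

def authorize(auth_header):
    """Map an Authorization header value to (status, headers, body)."""
    try:
        scheme, _, token = (auth_header or "").partition(" ")
        if scheme.lower() != "basic":
            raise ValueError("missing or unsupported scheme")
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
        user, _, password = decoded.partition(":")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return _reply("401 Unauthorized", {"error": "authentication_required"}, CHALLENGE)
    record = USERS.get(user)
    supplied = _hash(password)  # hash even for unknown users to keep timing similar
    if record is None or not hmac.compare_digest(record["pw_hash"], supplied):
        # Same 401 body for unknown user and wrong password: no account enumeration.
        return _reply("401 Unauthorized", {"error": "invalid_credentials"}, CHALLENGE)
    if not record["email_verified"]:
        # Credentials are valid but insufficient: 403, with the reason and whether
        # it is temporary in the payload. Sent only after the password check, so
        # verification state is not disclosed to unauthenticated callers.
        return _reply("403 Forbidden", {"error": "email_not_verified",
                                        "detail": "Confirm your email address, then retry.",
                                        "temporary": True})
    return _reply("200 OK", {"user": user})

def app(environ, start_response):
    """WSGI entry point for the protected resource."""
    status, headers, payload = authorize(environ.get("HTTP_AUTHORIZATION"))
    start_response(status, headers)
    return [payload]
```

The 403 response carries no `WWW-Authenticate` header, because repeating the request with the same credentials cannot succeed until the address is confirmed.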