
Which HTTP status code to say username or password were incorrect?

I am implementing a simple registration/login module.

While testing user credentials, I started thinking about which HTTP status code would be appropriate for the situation where a user sends a request with incorrect credentials.

At first, I thought 401 Unauthorized would be a nice status code, but it seems it will be better to use it when a user is trying to get some resource without authorisation.

After that, I switched to 409 Conflict:

This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.

So, friends, please give me some advice: which status code should be used?

Nodari Lipartiya asked Sep 29 '14 06:09




1 Answer

If you use HTTP authentication as defined by RFC 7235, 401 would be correct (for missing or incorrect credentials).

Otherwise, use 403.

Julian Reschke answered Oct 23 '22 00:10
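The rule in the answer above, sketched as an added example (not part of the original post or the answerer's code): an endpoint using RFC 7235 HTTP authentication answers 401 with a challenge, while a login endpoint that takes credentials in the request body answers 403. The account table, realm name and function names are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample account; a real service would verify a salted password hash.
USERS = {"alice": "correct horse"}
REALM = "example"  # hypothetical realm name


def _valid(username, password):
    # Always run the comparison, even for unknown users, and return one
    # boolean so the caller cannot tell which of the two fields was wrong.
    expected = USERS.get(username, "")
    matches = hmac.compare_digest(expected.encode(), password.encode())
    return matches and username in USERS


def basic_auth_response(authorization):
    """HTTP authentication (RFC 7235): missing or incorrect credentials -> 401.

    A 401 response must carry a WWW-Authenticate challenge.
    """
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    if not authorization:
        return 401, challenge
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return 401, challenge
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return 401, challenge
    username, sep, password = decoded.partition(":")
    if not sep or not _valid(username, password):
        return 401, challenge
    return 200, {}


def form_login_response(username, password):
    """Credentials sent in the request body, no HTTP auth scheme: 403."""
    if not _valid(username, password):
        return 403, {}
    return 200, {}
```

Both functions return the same status for an unknown username and for a wrong password, so the response does not reveal which accounts exist.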