The current implementation does not differentiate between HTTP 401 Unauthorized and HTTP 403 Forbidden responses.
At the moment, a HTTP 401 response is returned during request validation – regardless of whether the issue is related to authentication (missing / invalid credentials) or authorisation (missing required permissions / scopes).
This does not align with standard HTTP response code usage and could be improved.
Expected Behaviour
It should be possible to differentiate error responses based on the nature of the security failure:
HTTP 401 Unauthorized should be returned for missing or invalid authentication credentials.
HTTP 403 Forbidden should be returned for authenticated users lacking the necessary permissions or scopes.
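The distinction requested above, as an added example that is not part of the original issue or the project's own code. It assumes bearer tokens carrying scopes; `TOKENS`, `Decision` and `validate_security` are hypothetical names, and the `WWW-Authenticate` values follow RFC 6750.

```python
from dataclasses import dataclass, field

# Constructed token store standing in for real token verification (assumption).
TOKENS = {
    "tok-reader": {"read"},
    "tok-admin": {"read", "write"},
}


@dataclass
class Decision:
    status: int
    headers: dict = field(default_factory=dict)


def validate_security(headers: dict, required_scopes: set) -> Decision:
    """Decide 200, 401 or 403 for one request against one operation.

    `headers` is assumed to be already normalised to canonical header names.
    """
    auth = headers.get("Authorization", "")
    # Authentication failure: no credentials at all -> 401 with a bare challenge.
    if not auth:
        return Decision(401, {"WWW-Authenticate": "Bearer"})
    scheme, _, token = auth.partition(" ")
    # Authentication failure: wrong scheme, empty token or unknown token -> 401.
    granted = TOKENS.get(token.strip()) if scheme.lower() == "bearer" else None
    if granted is None:
        return Decision(401, {"WWW-Authenticate": 'Bearer error="invalid_token"'})
    # Authorisation failure: the caller is known but lacks a required scope -> 403.
    if required_scopes - granted:
        needed = " ".join(sorted(required_scopes))
        challenge = 'Bearer error="insufficient_scope", scope="%s"' % needed
        return Decision(403, {"WWW-Authenticate": challenge})
    return Decision(200)
```

The authentication checks run before the scope check, so a request with an unknown token never receives a 403 that would confirm the operation's scope requirements to an unauthenticated caller.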