异常的HTTP状态代码应该是什么

异常的HTTP状态代码应该是什么

本文介绍了凭证过期错误/异常的HTTP状态代码应该是什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在开发RESTful API,已经实现了基于令牌的身份验证,其中使用时间戳来准备令牌摘要.现在,当请求到达API服务器时,我正在检查提供的时间戳是否无效(即,指定了来自Future/Past的日期时间),然后抛出错误消息,指示检测到未来令牌"或令牌已过期".我需要附加HTTP状态代码,我对哪种状态代码适合这种情况感到困惑?

我已经查看了可用的状态代码( ref1 ref2 ),到目前为止,我认为此处使用400的错误请求"代替401的未经授权"和403的禁止"状态代码是合适的.

你怎么看?

解决方案

由于时间戳无效,因此我认为令牌无效.因此,客户端不再经过身份验证.因此,我将抛出401未经授权.您可以随意添加上下文的额外数据作为带有X-前缀的HTTP标头,也可以添加根据接受"请求标头(json,文本等)编码的响应正文.喜欢:

{
  "error": {
    "status": 401,
    "details": {
      "code": "401.3",
      "description": "The timestamp provided must not be in the future."
    }
  }
}

它不是403禁止访问:403表示客户端已通过身份验证,但无权发送此请求".就您而言,我认为客户端不再经过身份验证.

I am developing RESTful APIs, I have implemented token-based authentication, where token digest is prepared using time-stamp. Now when request comes to API server, I am checking if the supplied time-stamp is invalid ( i.e. date-time from future/past is specified) then am throwing error message indicating that "future token detected" or "token has expired". I need to attach HTTP status code I am confused about which status code is suitable for this situation?

I have gone through the status codes available (ref1, ref2) so far, I think, using 400 'bad request' will be suitable here instead of 401 'Unauthorized' and 403 'forbidden' status codes.

what do you think guys?

解决方案

As the timestamp is invalid, I think the token is invalid. So the client is not authenticated anymore. So I would throw a 401 Unauthorized. You're free to add extra data of the context as HTTP header with the X- prefix, or to add a response body encoded according to the Accept request header (json, text, etc.). Like:

{
  "error": {
    "status": 401,
    "details": {
      "code": "401.3",
      "description": "The timestamp provided must not be in the future."
    }
  }
}

It is not a 403 Forbidden : 403 means "the client is authenticated but does not have the right to send this request". In your case, I think the client is not authenticated any more.

这篇关于凭证过期错误/异常的HTTP状态代码应该是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-03 18:50