undefined | Better HN

0 pointsmarcosdumay3y ago0 comments

> A 403 in the API had a very specific meaning

And that meaning wasn't "you are authenticated as a user that can not access this resource"?

0 comments

kerbs3y ago

It meant the client was expected to then make a request to refresh their session token.

Because of the middle layer sending a 403 instead of the API, clients would request refresh tokens in an infinite loop.

j / k navigate · click thread line to collapse

0 pointsmarcosdumay3y ago0 comments

> A 403 in the API had a very specific meaning

And that meaning wasn't "you are authenticated as a user that can not access this resource"?

kerbs3y ago

It meant the client was expected to then make a request to refresh their session token.

Because of the middle layer sending a 403 instead of the API, clients would request refresh tokens in an infinite loop.

j / k navigate · click thread line to collapse