undefined | Better HN

0 pointsRyanMcGreal12y ago0 comments

My understanding is that the server should respond with 401 Unauthorized when someone is attempting to access a resource that requires authentication. What is the case for using 403 instead?

0 comments

2 comments · 2 top-level

daveid12y ago

OK, 401 makes more sense in that context. But another 403 case would be "the authorized user lacks permission to open resource."

gpvos12y ago

When they have authenticated (logged on), but they still do not have access to that particular resource (but may have access to others).

j / k navigate · click thread line to collapse