Which HTTP status code to say username or password were incorrect?

http authorization http-status-codes
26,495

If you use HTTP authentication as defined by RFC 7235, 401 would be correct (for missing or incorrect credentials).

Otherwise, use 403.

Share:
26,495
Nodari Lipartiya
Author by

Nodari Lipartiya

Updated on November 15, 2020

Comments

  • Nodari Lipartiya
    Nodari Lipartiya over 3 years

    I am implementing a simple registation/login module.

    While testing user credentials, I start thinking which HTTP status code will be appropriate, for the situation if a user send a request with incorrect credentials.

    At first, I thought 401 Unauthorized would be a nice status code, but it seems it will be better to use it when a user is trying to get some resource without authorisation.

    After, I switched to 409 Conflict

    This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.

    So, friends, please give me an advise, which status code should be used.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Headers not being set on http Flutter
HTTP status code for invalid format
HTTP 200 or 404 for empty list?
Download Stream with RestSharp and ResponseWriter
Custom Authorization Header
Extract HTTP Status Code from java.io.IOException
Why does the 304 status code count as a "redirect?"
Conditionally setting the HTTP status without directly manipulating the HttpServletResponse
What does "File not found" mean on a web page?
Mixing Subversion "SVNParentPath" and per-repository configurations?