哪个HTTP状态代码说用户名或密码不正确？ [英] Which HTTP status code to say username or password were incorrect?

问题描述

我正在实现一个简单的注册/登录模块。

I am implementing a simple registation/login module.

在测试用户凭据时，我开始考虑哪种HTTP状态代码适用于用户的情况发送一个包含不正确凭证的请求。

While testing user credentials, I start thinking which HTTP status code will be appropriate, for the situation if a user send a request with incorrect credentials.

起初，我认为401 Unauthorized是一个很好的状态代码，但似乎当用户使用它时会更好试图在未经授权的情况下获得一些资源。

At first, I thought 401 Unauthorized would be a nice status code, but it seems it will be better to use it when a user is trying to get some resource without authorisation.

之后，我切换到409冲突

After, I switched to 409 Conflict

此代码仅在预期用户可能能够解决冲突并重新提交请求的情况下才允许。

This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.

所以，朋友们，请给我一个建议，应该使用哪个状态代码。

So, friends, please give me an advise, which status code should be used.

推荐答案

如果您使用RFC 7235定义的HTTP身份验证，401将是正确的（缺少或不正确的凭据）。

If you use HTTP authentication as defined by RFC 7235, 401 would be correct (for missing or incorrect credentials).

否则，请使用403。

这篇关于哪个HTTP状态代码说用户名或密码不正确？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！