AuthenticationFailed error response is inconsistent with HTTP spec #20

Open
alexdutton opened this issue Jan 31, 2020 · 1 comment · May be fixed by #21

@alexdutton

The SWORD spec says a 403 Forbidden response should be used in the scenario "The request supplied invalid credentials, or no credentials, when the server was expecting to authenticate the request.".

Invalid or no credentials should result in a 401 Unauthorized.

The spec is missing an error response for scenarios where the request is forbidden, e.g. if one is attempting to turn a completed deposit into an in-progress deposit, or otherwise modify a completed deposit.

alexdutton added a commit that referenced this issue Jan 31, 2020
This will still need building and deploying.

Resolves #20.
@richard-jones

richard-jones commented Jul 22, 2020

  • add a 401 Error Type to 9.8.1 with suitable description
  • modify 403 in 9.8.1 to only be returned if credentials were supplied and were wrong, and also allow it to be returned if there is a different reason the operation is forbidden
  • add a protocol requirement to return 401 when no credentials are supplied but are required
  • add some details about 401 vs 403 in section 10
  • update 7.1 in line with new meanings for these errors
  • add new error types to json-ld spec
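
An added example, not code from the SWORD project or from either commenter: a server-side check that follows the reading in the opening post (missing or invalid credentials give 401 with a `WWW-Authenticate` challenge, a forbidden operation on a completed deposit gives 403). The plan in the last comment differs in keeping 403 for supplied-but-wrong credentials. The user table, deposit ids, realm and function names are hypothetical.

```python
import base64
import hmac

# Constructed sample data: one user and two deposits (all hypothetical).
USERS = {"depositor": "s3cret"}
DEPOSITS = {"dep-1": "inProgress", "dep-2": "completed"}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="sword"'}


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def credentials_valid(creds):
    """Constant-time password check; unknown users take the same path."""
    user, password = creds
    expected = USERS.get(user, "")
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return ok and user in USERS


def check_modify(headers, deposit_id):
    """Return (status, response_headers) for a request to modify a deposit."""
    creds = parse_basic(headers.get("Authorization"))
    # Missing, malformed or wrong credentials: 401 plus a challenge,
    # which RFC 7235 requires on every 401 response.
    if creds is None or not credentials_valid(creds):
        return 401, dict(CHALLENGE)
    # Authenticated, but the operation is not allowed; retrying won't help.
    if DEPOSITS.get(deposit_id) == "completed":
        return 403, {}
    return 200, {}


def basic(user, password):
    """Build a Basic Authorization header value for the samples."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

The distinction a client can act on is that a 401 invites a retry with different credentials, while a 403 tells it that repeating the request will not help.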
