
rest - What is a good HTTP status code to return for an expired password?

Reposted. Author: 可可西里. Updated: 2023-11-01 15:10:56

What should a REST API return when a password has expired? I mean: the username and password are correct, but the password has expired.

Here I found:

The mechanisms for expiring or revoking credentials can be specified as part of an authentication scheme definition.

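Is there a specification of what the right and/or correct HTTP status code is for expired credentials? Are HTTP status codes suitable for handling credential expiry?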

Best answer

An expired password is an invalid password and cannot be accepted by the server.

So, if you are using HTTP authentication (sending the credentials in the Authorization header), you can use 401 with a descriptive payload.

Here are some quotes from RFC 7235, the reference for HTTP/1.1 authentication:

4.2. Authorization

The Authorization header field allows a user agent to authenticate itself with an origin server -- usually, but not necessarily, after receiving a 401 (Unauthorized) response. Its value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.

 Authorization = credentials

[...]

3.1. 401 Unauthorized

The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.

If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. [...]
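
The 401-with-descriptive-payload approach from the answer, as an added example (not code from the original post). The `invalid_credentials` and `password_expired` error codes, the realm name and the user store are constructed for illustration; going slightly beyond the answer, the sketch discloses expiry only after the password itself has been verified, so the payload does not reveal account state to a caller who does not know the password.

```python
import base64, hashlib, hmac, json, time

REALM = "example-api"  # assumed realm name

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store: salt, password hash, expiry (epoch seconds).
_SALT = b"constructed-salt"
USERS = {
    "alice": (_SALT, _hash("correct horse", _SALT), 4102444800),  # valid until 2100
    "bob": (_SALT, _hash("old password", _SALT), 946684800),      # expired in 2000
}

def _unauthorized(error: str, detail: str):
    # RFC 7235 section 3.1: a 401 MUST carry WWW-Authenticate with a challenge.
    headers = {"WWW-Authenticate": f'Basic realm="{REALM}"',
               "Content-Type": "application/json"}
    return 401, headers, json.dumps({"error": error, "detail": detail})

def authenticate(authorization, now=None):
    """Return (status, headers, body) for a request's Authorization header value."""
    now = time.time() if now is None else now
    generic = ("invalid_credentials", "Authentication required.")
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return _unauthorized(*generic)
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers malformed base64 and non-UTF-8 bytes
        return _unauthorized(*generic)
    user, sep, password = decoded.partition(":")
    # Unknown users get a dummy record so the hash is still computed.
    salt, stored, expires = USERS.get(user, (_SALT, b"", 0))
    if not sep or not hmac.compare_digest(_hash(password, salt), stored):
        return _unauthorized(*generic)
    # Only a caller who proved knowledge of the password learns that it expired.
    if now >= expires:
        return _unauthorized("password_expired",
                             "Password expired; change it to continue.")
    return 200, {"Content-Type": "application/json"}, json.dumps({"user": user})
```
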

Regarding "rest - What is a good HTTP status code to return for an expired password?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/44669508/
