search

bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License
3.26k stars 950 forks source link

Update error code from 400 to 401 #846

Closed ZhouShiJun5 closed 7 years ago

ZhouShiJun5 commented 7 years ago

Update error code from 400 (Bad Request) to 401 (Unauthorized)

bshaffer commented 7 years ago

401 Is not the appropriate status code here:

Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided

401 is a request to a resource which has failed because authentication hasn't been provided. In the case above, authentication has failed because the request being made is wrong, i.e. BAD REQUEST.