crownstone / crownstone-cloud

Crownstone Cloud Service. Particular parts of Crownstone data (depending on user preferences) can be stored online. This makes it possible to remotely control devices, share your presence with friends, or store energy consumption over time.
https://cloud.crownstone.rocks/
Apache License 2.0

Separation of errors about authorization vs authentication #2

Open mrquincle opened 7 years ago

mrquincle commented 7 years ago

Currently, trying to obtain a sphere with an incorrect id, for example id 0, leads to 401 errors:

http://crownstone-cloud.herokuapp.com/explorer/#!/Sphere/Sphere_findById

This is exactly the same error as when login doesn't succeed.

It is recommended to use 403 errors for authorization / application logic:

AlexDM0 commented 7 years ago

I agree. We'll have to backtrack where these are generated. Odds are that they're LoopBack native.
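
The separation requested in this issue, as an added example that is not part of the thread or of the crownstone-cloud code: authentication failures answer 401, while an authenticated caller asking for a sphere it may not read (including an id that does not exist, such as 0) gets 403. The token store, sphere membership data, `Bearer` scheme, error codes and the `findSphereById` handler are all hypothetical.

```javascript
// Constructed sample data (hypothetical): access tokens and sphere membership.
const TOKENS = new Map([
  ['tok-alice', { userId: 'alice', expires: Date.parse('2999-01-01') }],
  ['tok-old',   { userId: 'bob',   expires: Date.parse('2000-01-01') }],
  ['tok-carol', { userId: 'carol', expires: Date.parse('2999-01-01') }],
]);
const SPHERES = new Map([
  ['s1', { name: 'Home', members: new Set(['alice']) }],
]);

// Authentication: who is the caller? Returns a user id, or null when the
// token is missing, unknown or expired.
function authenticate(headers, now = Date.now()) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  const token = m && TOKENS.get(m[1]);
  return token && token.expires > now ? token.userId : null;
}

// Authorization: may this (already identified) caller read this sphere?
function mayReadSphere(userId, sphereId) {
  const sphere = SPHERES.get(String(sphereId));
  return Boolean(sphere && sphere.members.has(userId));
}

// Hypothetical "find sphere by id" handler; returns { status, headers, body }.
function findSphereById(req) {
  const userId = authenticate(req.headers);
  if (userId === null) {
    // 401: no usable credentials, so the client should log in again.
    return {
      status: 401,
      headers: { 'WWW-Authenticate': 'Bearer' },
      body: { error: { code: 'AUTHENTICATION_REQUIRED' } },
    };
  }
  if (!mayReadSphere(userId, req.params.id)) {
    // 403: identity is known and the request is refused. An unknown id gets
    // the same answer as a sphere the caller is not a member of, so the
    // response does not reveal which sphere ids exist.
    return { status: 403, headers: {}, body: { error: { code: 'ACCESS_DENIED' } } };
  }
  const sphere = SPHERES.get(String(req.params.id));
  return { status: 200, headers: {}, body: { id: req.params.id, name: sphere.name } };
}
```

With this split a client can tell "log in again" (401) apart from "logged in, but not allowed" (403) without parsing the error body.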