Which status code return when user is authenticated but not authorizated?

Asked Apr 15 '16 at 18:56

Active Apr 15 '16 at 18:56

Viewed 41 times

On the system exists two types of user: teachers and students.

Rule:

Only teachers can create projects by accessing /new/project. When this occurs, the status code of response is 200.

Problem:

In a REST scenerios, if students try to access the /new/project which status code must be returned in:

Students must be redirects (302)?

Students must see a not found page (404) as github does?

What about 403 status?

asked Apr 15 '16 at 18:56

2

If the user does not have the permission to access the resource, then 403 is the appropriate HTTP response code. – Charlotte Dunois Apr 15 '16 at 19:02
`401 Unauthorized` is used when someone tries to login and the login fails or tries to access a protected resource and hasn't authenticated yet. `403 Forbidden` is used when someone is authorized, but has insufficient privileges to access the requested resource. You can see a list of status codes and their definition on [wikipedia](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes). – Jonathan Kuhn Apr 15 '16 at 19:14

0 Answers0