Should Token Auth service return null or 401?


I am working on a JWT authentication service that needs to provide a JWT token to an Angular client app, and I have the following dilemma:

What should the service return in case bad credentials are provided:

  1. {token: null}, or
  2. a 401 Not Authorized HTTP message

Does that make any difference when security is in question?


There are 1 answers

1
Luis Gar On BEST ANSWER

The service can return both a text message and a 401 header:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
"error": "unauthorized"
}

A PHP script can do this:

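<?php
// Set the status code and content type before any output is sent.
http_response_code(401);
header('Content-Type: application/json');
echo json_encode(["error" => "Not Authorized"]);
exit;
?>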

Sometimes I even prefer to return a 404 from the server; a "not authorized" response to the browser can tell the caller that they are on the right track, even when sending a bad token.
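
A sketch of the login handler discussed in this thread, as an added example that is not from the question or the answer: it responds to bad credentials with 401 and the JSON error body instead of `{token: null}`, and gives the same response for an unknown user and for a wrong password. The user store, signing secret, function names and the 15-minute expiry are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample data: one user whose password is stored as a scrypt hash.
const SECRET = crypto.randomBytes(32); // HMAC key used to sign tokens
const salt = crypto.randomBytes(16);
const USERS = new Map([
  ['alice', { salt, hash: crypto.scryptSync('correct horse', salt, 32) }],
]);
// Dummy record so an unknown username costs the same hashing work as a known one.
const DUMMY = { salt: crypto.randomBytes(16), hash: crypto.randomBytes(32) };

const b64url = (s) => Buffer.from(s).toString('base64url');

// Minimal HS256 JWT: base64url(header).base64url(claims).signature
function signJwt(claims) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', SECRET)
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns a plain {status, headers, body} description of the HTTP response.
function login(username, password) {
  const rec = USERS.get(username) || DUMMY;
  const candidate = crypto.scryptSync(String(password), rec.salt, 32);
  // Constant-time comparison; the username check runs only after the hash work.
  const ok = crypto.timingSafeEqual(candidate, rec.hash) && USERS.has(username);
  const headers = { 'Content-Type': 'application/json' };
  if (!ok) {
    // Same status and body whether the user is unknown or the password is wrong.
    return { status: 401, headers, body: JSON.stringify({ error: 'unauthorized' }) };
  }
  const now = Math.floor(Date.now() / 1000);
  const token = signJwt({ sub: username, iat: now, exp: now + 900 });
  return { status: 200, headers, body: JSON.stringify({ token }) };
}
```

With a real status code, the Angular client can handle the failure in its HTTP error path instead of inspecting every 200 response for a null token.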