
PROPOSED STANDARD

Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
Request for Comments: 7235                                         Adobe
Obsoletes: 2616                                          J. Reschke, Ed.
Updates: 2617                                                 greenbytes
Category: Standards Track                                      June 2014
ISSN: 2070-1721


            Hypertext Transfer Protocol (HTTP/1.1): Authentication

Abstract

    The Hypertext Transfer Protocol (HTTP) is a stateless application-
    level protocol for distributed, collaborative, hypermedia information
    systems.  This document defines the HTTP Authentication framework.



RFC 7235                 HTTP/1.1 Authentication               June 2014


3.1.  401 Unauthorized

    The 401 (Unauthorized) status code indicates that the request has not
    been applied because it lacks valid authentication credentials for
    the target resource.  The server generating a 401 response MUST send
    a WWW-Authenticate header field (Section 4.1) containing at least one
    challenge applicable to the target resource.
 
    If the request included authentication credentials, then the 401
    response indicates that authorization has been refused for those
    credentials.  The user agent MAY repeat the request with a new or
    replaced Authorization header field (Section 4.2).  If the 401
    response contains the same challenge as the prior response, and the
    user agent has already attempted authentication at least once, then
    the user agent SHOULD present the enclosed representation to the
    user, since it usually contains relevant diagnostic information.
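
    An added example (not part of RFC 7235) of the user agent decision
    this section describes: it parses the challenges in WWW-Authenticate
    and chooses between retrying and presenting the response body.  The
    names parse_challenges and on_401, the returned labels, and the
    sample header values are assumptions made for this example.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# One comma-separated list element: an optional leading auth-scheme,
# followed by either name=value (auth-param) or a token68 blob.
ITEM = re.compile(
    rf"\s*(?:(?P<scheme>{TOKEN})(?:\s+|$))?"
    rf"(?:(?P<name>{TOKEN})\s*=\s*(?P<value>{TOKEN}|{QUOTED})"
    rf"|(?P<t68>[A-Za-z0-9\-._~+/]+=*))?\s*$"
)

def parse_challenges(field_value):
    """Split a WWW-Authenticate value into [(scheme, {param: value})]."""
    challenges = []
    # Commas inside quoted-strings do not separate list elements.
    for item in re.findall(rf'(?:{QUOTED}|[^,"])+', field_value):
        m = ITEM.match(item)
        if m is None:
            continue  # malformed element: ignored
        if m["scheme"]:
            challenges.append((m["scheme"].lower(), {}))
        if not challenges:
            continue  # parameter with no preceding scheme
        params = challenges[-1][1]
        if m["name"]:
            value = m["value"]
            if value.startswith('"'):  # unquote and drop backslash escapes
                value = re.sub(r"\\(.)", r"\1", value[1:-1])
            params[m["name"].lower()] = value
        elif m["t68"]:
            params["token68"] = m["t68"]
    return challenges

def on_401(headers, prior_challenges, attempts):
    """Decide the user agent's next step; headers is a list of (name, value)."""
    raw = ", ".join(v for k, v in headers if k.lower() == "www-authenticate")
    challenges = parse_challenges(raw)
    if not challenges:
        return "invalid", challenges      # server broke the MUST: no challenge
    if attempts >= 1 and challenges == prior_challenges:
        return "show-body", challenges    # same challenge again: stop retrying
    return "authenticate", challenges     # MAY retry with new credentials

if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    first = [("WWW-Authenticate", 'Basic realm="simple"')]
    step, seen = on_401(first, [], attempts=0)
    print(step, seen)
    print(on_401(first, seen, attempts=1)[0])
```

    Stopping on a repeated challenge keeps a client from resubmitting
    the same rejected credentials in a loop, and the "invalid" result
    flags a server that returns 401 without any challenge.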




Fielding & Reschke           Standards Track                    [Page 6]