0

I was wondering what HTTP status code I should return if a user that is authorized tries to access a page that should be accessible only by unauthorized users.

Currently I am just throwing 404, but was wondering if there is some common approach for this.

1
  • I am not sure this is a "thing". 401 is for people not authorized to see a page, but not the other way around. Commented May 19, 2021 at 15:02

1 Answer

1

HTTP Status Code 403 Forbidden can be used when a request isn't allowed based on the user's identification, so I guess it can be used in this case.

However, have you also considered sending back a Redirect (https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections) to send the user to a different resource that might be more appropriate because they are authenticated?

This is a common method used to redirect authenticated users away from login pages to their home screens or profile page.

Also, for future reference, I think you might be referring to autheNtication (with an N, the process of verifying a user's identity) instead of authoriZation (with a Z, the process of determining whether an authenticated user has access to a particular resource).

https://www.okta.com/identity-101/authentication-vs-authorization/
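The two options from the answer above (redirect or 403), sketched as a WSGI middleware; this is an added example, not code from the question or the answer. Assumptions: the route names, the fixed `/home` target, the `app.user` environ key set by some upstream session layer, and the choice to redirect only GET/HEAD while answering other methods with 403.

```python
from wsgiref.util import setup_testing_defaults

GUEST_ONLY = {"/login", "/register"}  # assumed guest-only routes
HOME = "/home"                        # fixed target, never taken from the request

def guest_only(app):
    """WSGI middleware: keep signed-in users off guest-only pages."""
    def wrapper(environ, start_response):
        user = environ.get("app.user")  # hypothetical key set by a session layer
        if user is None or environ.get("PATH_INFO") not in GUEST_ONLY:
            return app(environ, start_response)
        if environ["REQUEST_METHOD"] in ("GET", "HEAD"):
            # Navigation: send the signed-in user to a more appropriate page.
            start_response("302 Found", [("Location", HOME), ("Content-Length", "0")])
            return [b""]
        # Anything else (e.g. a form POST): refuse instead of redirecting.
        body = b"Already signed in.\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]
    return wrapper

def pages(environ, start_response):
    """Stand-in application that serves every path."""
    body = b"page: " + environ["PATH_INFO"].encode() + b"\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]

def probe(method, path, user=None):
    """Run one constructed request through the app; return (status, Location)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    if user:
        environ["app.user"] = user
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(guest_only(pages)(environ, start_response))
    return seen["status"], seen["headers"].get("Location")

if __name__ == "__main__":
    for args in [("GET", "/login"), ("GET", "/login", "alice"),
                 ("POST", "/login", "alice"), ("GET", "/home", "alice")]:
        print(args, "->", probe(*args))
```

Keeping the `Location` value a constant means the redirect cannot be steered by request input.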
