I cannot understand the working process of JWT, the 401 and 403 errors, and the role of the refresh token

Recently I have been learning JWT, but I cannot understand how JWT actually works, or the 401 and 403 errors. It would be helpful for me if someone could give me a clear understanding of it. Thanks.



Solution 1:[1]

HTTP status 401

typically means that you are not correctly authenticated. This can have various causes, e.g.

  • you did not send a JWT token in the request
  • you sent a JWT token in the request, but it is not valid (e.g. the signature could not be validated)
  • you sent a JWT token in the request, but it has expired.

HTTP status 403

typically means that you are not authorized, e.g. you provided a correct JWT token, but you do not have access to the requested resource. E.g.

  • a logged-in user, with a JWT token, tried to access an "admin page" but did not have access.
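The distinction the answer draws is easiest to see in the code path of a server that checks the token. The following is an added example, not code from the answer or from Stack Overflow: it implements HS256 JWT signing and verification with only the Python standard library (a shared secret, `SECRET`, is assumed and constructed here for the demo), and an `authorize()` function that returns 401 for every case in the first list (no token, bad signature, expired) and 403 for the case in the second (valid token, but the `roles` claim lacks what the resource requires). The claim names `roles` and `sub`, and the `Bearer` header layout, are assumptions for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed demo secret; a real service loads this from configuration, never source.
SECRET = b"demo-signing-key-not-for-production"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT: base64url(header).base64url(payload).base64url(signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Return the claims of a valid token, or raise ValueError saying why it was rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (binascii.Error, ValueError):
        raise ValueError("malformed token")
    # Pin the algorithm server-side: the token must never choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison; only after this do we trust anything in the payload.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def authorize(headers: Dict[str, str], required_role: str,
              now: Optional[float] = None, secret: bytes = SECRET) -> Tuple[int, str]:
    """Map the JWT checks onto HTTP statuses: 401 = not authenticated, 403 = not authorized."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "no bearer token"        # first list: no token sent
    try:
        claims = verify_token(auth[len("Bearer "):], secret, now)
    except ValueError as err:
        return 401, str(err)                  # first list: invalid or expired token
    if required_role not in claims.get("roles", []):
        return 403, "insufficient role"       # second list: authenticated, but no access
    return 200, f"ok for {claims.get('sub')}"


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is reproducible
    user = issue_token({"sub": "alice", "roles": ["user"], "exp": now + 600})
    print(authorize({}, "user", now))                                     # (401, 'no bearer token')
    print(authorize({"Authorization": "Bearer " + user}, "admin", now))   # (403, 'insufficient role')
    print(authorize({"Authorization": "Bearer " + user}, "user", now))    # (200, 'ok for alice')
```

Note that `authorize()` only reads `roles` after `verify_token()` has accepted the signature: a payload edited to claim `admin` is rejected with 401 ("bad signature") before any authorization decision is made, which is exactly why the 401 checks must come first.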

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
[1] Solution 1: Jonas