21 lines
943 B
Markdown
21 lines
943 B
Markdown
|
# HTTP Error Codes
|
||
|
|
|
||
|
|
This document is the source of truth for backend RFC7807 `code` values consumed by frontend.
|
||
|
|
|
||
|
|
## Auth
|
||
|
|
|
||
|
|
| code | status | meaning | frontend handling |
|
||
|
|
|---|---:|---|---|
|
||
|
|
| `AUTH_SERVICE_UNAVAILABLE` | 503 | Auth upstream unavailable | Show retry message and allow retry |
|
||
|
|
| `AUTH_TOO_MANY_REQUESTS` | 429 | OTP request throttled | Show wait message |
|
||
|
|
| `AUTH_VERIFICATION_CODE_INVALID` | 401 | Invalid OTP code | Prompt user to re-enter code |
|
||
|
|
| `AUTH_REFRESH_TOKEN_INVALID` | 401 | Invalid/expired refresh token | Clear local session and return login |
|
||
|
|
| `AUTH_REFRESH_TOKEN_MISSING` | 401 | Refresh token missing on logout | Treat as local logout and clear session |
|
||
|
|
| `AUTH_USER_NOT_FOUND` | 404 | User not found | Show not-found message where applicable |
|
||
|
|
|
||
|
|
Compatibility strategy:
|
||
|
|
|
||
|
|
- Additive changes only for new codes.
|
||
|
|
- Existing codes must keep semantic meaning.
|
||
|
|
- Frontend must map by `code`, not by `detail` text.
|