HTTP Error Codes
This document is the source of truth for backend RFC 7807 `code` values consumed by the frontend.
Auth
| code | status | meaning | frontend handling |
|---|---|---|---|
| `AUTH_SERVICE_UNAVAILABLE` | 503 | Auth upstream unavailable | Show retry message and allow retry |
| `AUTH_TOO_MANY_REQUESTS` | 429 | OTP request throttled | Show wait message |
| `AUTH_VERIFICATION_CODE_INVALID` | 401 | Invalid OTP code | Prompt user to re-enter code |
| `AUTH_REFRESH_TOKEN_INVALID` | 401 | Invalid/expired refresh token | Clear local session and return to login |
| `AUTH_REFRESH_TOKEN_MISSING` | 401 | Refresh token missing on logout | Treat as local logout and clear session |
| `AUTH_USER_NOT_FOUND` | 404 | User not found | Show not-found message where applicable |
Compatibility strategy:
- Additive changes only for new codes.
- Existing codes must keep semantic meaning.
- Frontend must map by `code`, not by `detail` text.
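
A sketch of a frontend resolver that follows the compatibility strategy above, added here as an example and not taken from the project's code. It assumes the problem body carries the value in a member named `code`; `resolveAuthProblem`, the action names, and the fallback policy for unknown codes and for code/status mismatches are hypothetical.

```javascript
// Added example: function and action names are hypothetical, not project code.
const AUTH_ACTIONS = Object.freeze({
  AUTH_SERVICE_UNAVAILABLE: { status: 503, action: "show-retry" },
  AUTH_TOO_MANY_REQUESTS: { status: 429, action: "show-wait" },
  AUTH_VERIFICATION_CODE_INVALID: { status: 401, action: "reenter-otp" },
  AUTH_REFRESH_TOKEN_INVALID: { status: 401, action: "clear-session-login" },
  AUTH_REFRESH_TOKEN_MISSING: { status: 401, action: "clear-session-local-logout" },
  AUTH_USER_NOT_FOUND: { status: 404, action: "show-not-found" },
});

// New codes are additive, so an older frontend build will meet codes it does
// not know. Assumed policy: fall back on the HTTP status, and treat an
// unrecognised 401 as a reason to drop the session rather than keep it.
function fallbackForStatus(status) {
  if (status === 401) return "clear-session-login";
  if (status === 429) return "show-wait";
  if (status >= 500) return "show-retry";
  return "show-generic-error";
}

// status: HTTP status of the response; body: problem JSON as string or object.
function resolveAuthProblem(status, body) {
  let problem = null;
  try {
    problem = typeof body === "string" ? JSON.parse(body) : body;
  } catch {
    problem = null; // non-JSON body, e.g. an HTML page from a proxy
  }
  const code = problem && typeof problem.code === "string" ? problem.code : null;
  // Own-property check so a code such as "constructor" never matches.
  const known =
    code !== null && Object.prototype.hasOwnProperty.call(AUTH_ACTIONS, code)
      ? AUTH_ACTIONS[code]
      : null;
  // `detail` is never read: its wording may change without notice.
  if (known && known.status === status) {
    return { code, action: known.action, known: true };
  }
  // Unknown code, or a known code on an unexpected status (assumed policy).
  return { code, action: fallbackForStatus(status), known: false };
}
```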