HTTP Status Codes

Chris Gillum edited this page Dec 21, 2020 · 2 revisions

The Easy Auth module, which powers the Authentication / Authorization feature, returns various HTTP status and sub-status codes when it handles requests. This section describes these status codes.

HTTP 200

This generally means the module handled the HTTP request successfully. There are a few sub-status codes which can provide additional information:

  • 200.71: A logout request was received by an unauthenticated client.
  • 200.72: The user logged out successfully.
  • 200.75: The request was completed by returning an HTML response that will post back with the URL fragment. This response is only applicable when the WEBSITE_AUTH_PRESERVE_URL_FRAGMENT environment variable is present and set to true.
  • 200.77: The client-directed login completed successfully.

HTTP 400

This generally means a client invoked an Easy Auth API with invalid data. Details can be found in the application logs. The following sub-status codes are also defined:

  • 400.73: A login failure occurred because of a protocol violation (e.g. required data was missing or malformed).
  • 400.82: Token refresh is not supported by the specified identity provider (e.g. Facebook or Twitter).
  • 400.83: A login attempt failed because the received token was invalid.

HTTP 401

This generally means a request was rejected as unauthenticated. Details can usually be found in the application logs. The following sub-status codes are also defined:

  • 401.71: Easy Auth rejected the request because the client is required to be authenticated.
  • 401.73: Authentication failed because of a login protocol error.
  • 401.78: An infinite redirect loop was detected during the authentication process.
  • 401.83: Authentication failed because the specified authentication token was invalid.

HTTP 403

This generally means that the authenticated user was denied access to a particular resource. Details can be found in the application logs. The following sub-status codes are also defined:

  • 403.60: The request was rejected by the built-in CSRF protection rules.
  • 403.70: The AJAX request failed because the cookie-based authentication session has expired.
  • 403.76: The request was rejected due to a user-defined authorization rule (e.g. Azure AD security group restrictions or URL authorization rules).
  • 403.80: The token refresh operation failed because no refresh token was found in the token store.
  • 403.81: The refresh operation failed because the identity provider rejected the refresh request.

HTTP 500

This generally means an internal error occurred in the module that is not necessarily the fault of the end user. This could be caused by invalid module configuration or unhandled exceptions. Details can be found in the application logs.

  • 500.74: An internal error occurred because invalid configuration data was encountered by the module.
  • 500.73: An internal error occurred during the login process. For example, required protocol data or tokens were missing.
  • 500.79: The request failed because of an unhandled exception in the Easy Auth module.

Note that if the web app or function app is hosted in Azure and a 500.79 error is encountered, the details of the unhandled exception are also made available to the customer support team in Azure. No personal information is collected in this case.
