Let's say we are initiating an OAuth flow from our server and the provider times out. What do we return as status code? 503 for try again later or 504 to state some other server timed out?
plus one to the question a hundred times if I'm allowed to! Interesting one, check my answer if it answers your question well! – N00b Pr0grammer Apr 14 '18 at 05:43
2 Answers
I think 502 is the most appropriate in this case.
502 Bad Gateway
A 502 error means that a website server that is serving as a reverse proxy for the website origin server (for example, a CDN PoP) did not receive a valid response from the origin server. This may be because the origin server is experiencing issues, there is an invalid or incorrect DNS name, or because a firewall on the origin server has blocked the reverse proxy server request.
This may also occur when requests at the origin server are taking several minutes to complete and a caching tool such as Varnish Cache has been instructed to timeout after a set number of seconds. Varnish Cache has a default timeout of 60 seconds, which section.io recommends keeping for security and alerting reasons.
504 Gateway Timeout
Similar to the 502 error, the 504 Gateway Timeout error occurs if the server that is acting as a proxy for the website origin server did not receive a response from the website origin server within a set time period. This may indicate an issue with the DNS host or hosting company, or with the connection or configuration between the reverse proxy servers and the website origin server.
More info here https://www.section.io/blog/504-503-errors-difference/
There is no blockage in our case though, it may work some time after if user tries again. – Behlül Apr 17 '18 at 16:24
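An added example, not part of either answer or of the original page: one way a server could map the outcomes of the provider call onto the 502 and 504 definitions quoted above. The host `idp.example`, the `/token` path, the error strings and the choice of 400 for a code the provider rejects are assumptions.

```python
import http.client
import json
import socket
from urllib.parse import urlencode

PROVIDER_HOST = "idp.example"  # hypothetical provider, placeholder name


def provider_post(code, timeout=5.0):
    """POST the authorization code to the provider; return (status, raw body)."""
    conn = http.client.HTTPSConnection(PROVIDER_HOST, timeout=timeout)
    try:
        conn.request(
            "POST", "/token",  # assumed token endpoint path
            body=urlencode({"grant_type": "authorization_code", "code": code}),
            headers={"Content-Type": "application/x-www-form-urlencoded"},
        )
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def exchange_code(code, post=provider_post):
    """Return (status for our own client, body) for one token exchange."""
    try:
        status, raw = post(code)
    except (socket.timeout, TimeoutError):
        # No response within the time limit: 504 Gateway Timeout.
        return 504, {"error": "provider_timeout"}
    except (OSError, http.client.HTTPException):
        # Refused, reset, DNS failure or malformed HTTP: 502 Bad Gateway.
        return 502, {"error": "provider_unavailable"}
    if status == 200:
        try:
            token = json.loads(raw)["access_token"]
        except (ValueError, KeyError, TypeError):
            # Answered in time, but not with a usable token response: 502.
            return 502, {"error": "provider_unavailable"}
        return 200, {"access_token": token}  # kept server-side by the caller
    if 400 <= status < 500:
        # Provider rejected the code (assumed mapping): the client's problem.
        # Upstream error text belongs in server logs, not in this body.
        return 400, {"error": "authorization_failed"}
    return 502, {"error": "provider_unavailable"}
```

The `post` parameter exists so the mapping can be exercised with constructed failures instead of a live provider.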
There is already an interesting question that has a similar context to yours, and there are a varied number of choices that you can choose from.
Maybe have a quick look at this question.
In my opinion, from all the above-mentioned choices of HTTP status codes, I would recommend using 419 that states the following as per the documentation:
419 Authentication Timeout
Not a part of the HTTP standard, 419 Authentication Timeout denotes that previously valid authentication has expired. It is used as an alternative to 401 Unauthorized in order to differentiate from otherwise authenticated clients being denied access to the specific server