This document proposes conventions for authorization middlewares to follow so that applications and authentication middlewares can interact with each other.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
Authorization MUST be based on the token stored in the
If a token exists but the request is not authorized, a Stack authorization
middleware MUST return a
If a token does not exist, a Stack authorization middleware SHOULD return a
401 response with a
WWW-Authenticate: Stack header. This will give the
appropriate Stack authentication middlewares an opportunity to challenge as