by marcosdumay 1457 days ago
> A 403 in the API had a very specific meaning

And that meaning wasn't "you are authenticated as a user that can not access this resource"?

It meant the client was expected to then make a request to refresh their session token.

Because of the middle layer sending a 403 instead of the API, clients would request refresh tokens in an infinite loop.
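
An added illustration, not code from the thread or from the API being discussed: a constructed, network-free simulation of the loop described above, with a client that treats every 403 as "refresh and retry" beside one that caps refreshes per request. `Backend`, the token values, `safety_cap` and `max_refreshes` are hypothetical names chosen for the example.

```python
class Backend:
    """Constructed stand-in: an API that answers 403 for a stale token,
    optionally behind a middle layer that answers 403 to everything."""

    def __init__(self, middle_layer_blocks):
        self.middle_layer_blocks = middle_layer_blocks
        self.valid_token = "t1"
        self.refresh_calls = 0

    def send(self, token):
        if self.middle_layer_blocks:
            return 403  # emitted by the middle layer, never reaches the API
        return 200 if token == self.valid_token else 403

    def refresh(self):
        self.refresh_calls += 1
        return self.valid_token  # refresh succeeds; the token is not the problem


def naive_client(backend, token, safety_cap):
    """Every 403 means 'refresh and retry'. safety_cap exists only so the
    simulation terminates; the loop itself has no bound."""
    status = backend.send(token)
    while status == 403 and backend.refresh_calls < safety_cap:
        token = backend.refresh()
        status = backend.send(token)
    return status


def guarded_client(backend, token, max_refreshes=1):
    """Refresh at most max_refreshes times per request. A 403 that survives
    a fresh token is returned to the caller instead of retried."""
    status, refreshes = backend.send(token), 0
    while status == 403 and refreshes < max_refreshes:
        token = backend.refresh()
        refreshes += 1
        status = backend.send(token)
    return status, refreshes


def demo():
    """Returns {case: (naive refresh calls, guarded refresh calls, final status)}."""
    results = {}
    for name, blocks in (("api_403", False), ("middle_layer_403", True)):
        naive, guarded = Backend(blocks), Backend(blocks)
        naive_client(naive, "stale", safety_cap=1000)
        status, _ = guarded_client(guarded, "stale")
        results[name] = (naive.refresh_calls, guarded.refresh_calls, status)
    return results
```

When the 403 comes from the API, both clients refresh once and succeed; when it comes from the middle layer, the naive client refreshes until the simulation's cap stops it, while the guarded client refreshes once and surfaces the 403.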