A modern programming language that makes developers happier.

kotlinlang

Hi, using ktor client there is no body when we get a 401. There is a body if we change the api to return 400 for example. Is there a reason for this?

There is a body in the response of course, but it’s not logged and we can’t see it with `HttpResponse.bodyAsText()`

`401` indicates to the client that it lacks authentication credentials for the requested resource; generally clients will use that response code, in combination with the WWW-Authenticate header in the response, to resend the request with authentication credentials (which may elicit a 403 Forbidden if the credentials are invalid).
<https://datatracker.ietf.org/doc/html/rfc7235#section-3.1|RFC>.
While the RFC is silent on whether a body is allowed or not, the specified semantics don’t facilitate processing a body as the client is to retry the request with authentication credentials.
Anything beyond that is custom behaviour, assuming the http client could be customized to support that.

Either the server doesn't send the response body, or the body is consumed by the other part of the application.

<https://www.rfc-editor.org/rfc/rfc9110.html#name-client-error-4xx|https://www.rfc-editor.org/rfc/rfc9110.html#name-client-error-4xx>
&gt; the server *SHOULD* send a representation containing an explanation of the error situation
&gt; 
the body is not mandatory but expected, especially when
<https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized|https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized>
&gt; the user agent *SHOULD* present the enclosed representation to the user
&gt; 
so IMO it's an issue if ktor doesn't allow you to do that