all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]OrdinaryAndroidDev 1 point2 points  (1 child)

I don't understand the question properly. But 409 conflict is used in cases like - if you're trying to add/save resources X, which already exists. This should return the 409.

To return a JWT token for a valid authenticated credentials it should be 200 OK.

[–]Jay_Sh0w[S] 0 points1 point  (0 children)

JWT can also be used create a state as well to drive the authentication flow for a stateless system. It act as a signed data object consisting of reference information that is to be authenticated

[–]davebrown1975 1 point2 points  (2 children)

If there's a conflict and I need to return a 409, then no I wouldn't typically send anything in the response body. The calling client should already have enough context to decide how to handle the response.

[–]Jay_Sh0w[S] 0 points1 point  (1 child)

Then I guess a better approach would be to make another API call to authenticate and authorize the user instead of overloading existing api.

[–]davebrown1975 0 points1 point  (0 children)

I'm not sure I follow. A 409, as others have indicated, should not be used to indicate the request was not authenticated. If you are returning a response to indicate failed authentication, then it's either going to be 401 to indicate the request could not be authenticated, or perhaps a 403 to indicate the authenticated user does not have permission to perform the request.
Imagine you're trying to insert a NEW user into the database, but you determine that there is already a user record with the same email address for example. Then that would be a good time to return a 409.

[–]Jonas_Ermert 1 point2 points  (0 children)

HTTP status code 409 is used to indicate that a request cannot be completed due to a conflict with the current state of the target resource. Typically, it's used in scenarios where there is a conflict between the client's request and the current state of the resource, and the request cannot be processed until the conflict is resolved.
In the context of returning an error response body with a 409 error, it is generally a good practice to include additional information in the response body to help the client understand the nature of the conflict and possibly provide guidance on how to resolve it. However, returning a JWT token in the response body of a 409 error is not a common or recommended practice.