
Returning Auth Error code on a json-rpc web service


I am implementing a web service based on json-rpc.

For authentication I use HTTP Basic authentication.

According to the json-rpc documentation, there is no error code for this type of error: https://www.jsonrpc.org/specification#error_object

I plan to respond to invalid authorization cases as follows:

{"jsonrpc": "2.0", "error": {"code": 401, "message": "Invalid Authentication"}, "id": null}

But I feel it is not a correct way of implementation. All json-rpc error codes are defined from -32768 to -32000. Code 401 is not in this range (as it is an HTTP status code). But there is also no suitable code for this type of error in the range.

What is the best practice for this type of implementation?


Solution

  • According to json-rpc documentation:

    The error codes from and including -32768 to -32000 are reserved for pre-defined errors. Any code within this range is reserved for future use

    And codes from -32000 to -32099 are reserved for implementation-defined server-errors.

    So I decided to use -32001 for authentication errors. And -32002 for authorization errors.

    https://www.jsonrpc.org/specification#error_object
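
The following is an added example, not code from the original question or answer: a minimal request handler that uses the codes chosen above (-32001 for authentication, -32002 for authorization) behind HTTP Basic authentication. The user table, method names, the `handle` and `authenticate` helpers, and the HTTP status paired with each response are assumptions made for illustration.

```python
import base64
import hmac
import json

AUTHENTICATION_ERROR = -32001  # code chosen in the answer above
AUTHORIZATION_ERROR = -32002   # code chosen in the answer above

USERS = {  # constructed sample data: user -> (password, methods the user may call)
    "alice": ("s3cret", {"ping", "shutdown", "nope"}),
    "bob": ("hunter2", {"ping"}),
}
METHODS = {"ping": lambda: "pong", "shutdown": lambda: "stopping"}


def rpc_error(code, message, req_id=None):
    return {"jsonrpc": "2.0", "error": {"code": code, "message": message}, "id": req_id}


def authenticate(header):
    """Return the user for a valid 'Basic <base64(user:pass)>' header, else None.
    Unknown users and wrong passwords fail the same way (constant-time compare)."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(token, validate=True).decode("utf-8").partition(":")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    expected = USERS.get(user, ("", set()))[0]
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return user if sep and user in USERS and ok else None


def handle(headers, body):
    """Return (http_status, json_rpc_response); HTTP statuses are an assumption."""
    user = authenticate(headers.get("Authorization"))
    if user is None:  # caller not identified: body is not parsed, so id stays null
        return 401, rpc_error(AUTHENTICATION_ERROR, "Invalid Authentication")
    try:
        req = json.loads(body)
    except ValueError:
        return 200, rpc_error(-32700, "Parse error")
    if not isinstance(req, dict) or not isinstance(req.get("method"), str):
        return 200, rpc_error(-32600, "Invalid Request")  # batches not handled here
    method, req_id = req["method"], req.get("id")
    if method not in USERS[user][1]:  # identified, but not allowed to call this method
        return 403, rpc_error(AUTHORIZATION_ERROR, "Not authorized", req_id)
    if method not in METHODS:
        return 200, rpc_error(-32601, "Method not found", req_id)
    return 200, {"jsonrpc": "2.0", "result": METHODS[method](), "id": req_id}
```

The authorization check runs before the method lookup, so a caller cannot use the difference between -32601 and -32002 to enumerate methods outside their allowed set.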