Last active
January 13, 2020 00:22
-
-
Save dmitshur/e3324122814c5ad714c999e2c8b3ab32 to your computer and use it in GitHub Desktop.
IndieAuth discovery redirection handling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from https://indieauth.spec.indieweb.org/#discovery-by-clients: | |
> Clients MUST start by making a GET or HEAD request to [Fetch] the user's profile URL | |
> to discover the necessary values. Clients MUST follow HTTP redirects (up to a self- | |
> imposed limit). If an HTTP permament redirect (HTTP 301 or 308) is encountered, the | |
> client MUST use the resulting URL as the canonical profile URL. If an HTTP temporary | |
> redirect (HTTP 302 or 307) is encountered, the client MUST use the previous URL as | |
> the profile URL, but use the redirected-to page for discovery. | |
suppose user entered url: https://a.example | |
HTTP GET https://a.example | |
⤷ 301 to https://b.example | |
⤷ 301 to https://c.example | |
⤷ 302 to https://d.example | |
⤷ 302 to https://e.example | |
⤷ 302 to https://f.example | |
⤷ 301 to https://g.example | |
⤷ 301 to https://h.example | |
⤷ 301 to https://i.example | |
⤷ 302 to https://j.example | |
⤷ 302 to https://k.example | |
⤷ 302 to https://l.example | |
⤷ 200 OK, Content-Type: text/html; charset=utf-8 | |
end result canonical profile URL: https://i.example | |
look for authorization endpoint at: https://l.example |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment