IndieAuth discovery redirection handling
from https://indieauth.spec.indieweb.org/#discovery-by-clients:
> Clients MUST start by making a GET or HEAD request to [Fetch] the user's profile URL
> to discover the necessary values. Clients MUST follow HTTP redirects (up to a
> self-imposed limit). If an HTTP permanent redirect (HTTP 301 or 308) is encountered, the
> client MUST use the resulting URL as the canonical profile URL. If an HTTP temporary
> redirect (HTTP 302 or 307) is encountered, the client MUST use the previous URL as
> the profile URL, but use the redirected-to page for discovery.
suppose user entered url: https://a.example
HTTP GET https://a.example
⤷ 301 to https://b.example
⤷ 301 to https://c.example
⤷ 302 to https://d.example
⤷ 302 to https://e.example
⤷ 302 to https://f.example
⤷ 301 to https://g.example
⤷ 301 to https://h.example
⤷ 301 to https://i.example
⤷ 302 to https://j.example
⤷ 302 to https://k.example
⤷ 302 to https://l.example
⤷ 200 OK, Content-Type: text/html; charset=utf-8
end result canonical profile URL: https://i.example
look for authorization endpoint at: https://l.example
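
An added example (not part of the gist or of the IndieAuth spec) that replays the trace above offline and applies the same reading of the rule: every 301/308 moves the canonical profile URL, while 302/307 only moves the URL fetched for discovery, all under a hop limit. The names `codes`, `traceTransport` and `resolveProfile` are hypothetical, and the status-code table is constructed from the trace.

```go
package main

import (
	"fmt"
	"net/http"
)

// Constructed sample data: status codes served by a.example through l.example.
var codes = []int{301, 301, 302, 302, 302, 301, 301, 301, 302, 302, 302, 200}

// traceTransport (hypothetical) replays the gist's trace offline.
type traceTransport struct{}
func (traceTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	if h := r.URL.Host; len(h) != 9 || h[1:] != ".example" || int(h[0]-'a') >= len(codes) {
		return nil, fmt.Errorf("unknown host %q", h)
	}
	i, hdr := int(r.URL.Host[0]-'a'), http.Header{}
	if codes[i] != http.StatusOK {
		hdr.Set("Location", fmt.Sprintf("https://%c.example", 'a'+i+1))
	}
	return &http.Response{StatusCode: codes[i], Header: hdr, Body: http.NoBody, Request: r}, nil
}

// resolveProfile: 301/308 moves the canonical profile URL, 302/307 only the discovery URL.
func resolveProfile(rt http.RoundTripper, entered string, maxHops int) (string, string, error) {
	stop := func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	c := &http.Client{Transport: rt, CheckRedirect: stop} // redirects come back to the loop
	canonical, discovery := entered, entered
	for hop := 0; hop <= maxHops; hop++ {
		resp, err := c.Get(discovery)
		if err != nil {
			return "", "", err
		}
		resp.Body.Close()
		loc, lerr := resp.Location()
		switch code := resp.StatusCode; {
		case code == http.StatusOK:
			return canonical, discovery, nil
		case lerr == nil && (code == 301 || code == 308):
			canonical, discovery = loc.String(), loc.String()
		case lerr == nil && (code == 302 || code == 307):
			discovery = loc.String()
		default:
			return "", "", fmt.Errorf("unexpected response %d from %s", code, discovery)
		}
	}
	return "", "", fmt.Errorf("more than %d redirects", maxHops)
}

func main() { fmt.Println(resolveProfile(traceTransport{}, "https://a.example", 20)) }
```

Passing `http.DefaultTransport` instead of `traceTransport{}` runs the same logic against real hosts; any status other than 200, 301, 302, 307 or 308 is treated as an error here.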