Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Add informative text clarifying that servers may use complex logic to determine where to redirect to #4
This is a pretty big problem... Having a unified link is useless if there's no direction on login pages and redirects.
I think the goal of this proposal is to make it easier for password managers to implement "auto-change-password" type features for all sites instead of having to implement on a site-by-site basis where it might change.
If so, some things are missing:
This should allow the goal of automation for password managers to succeed.
Why not simply require
If I understood the proposal correctly there is no need for a special response code. Password managers check for the existence of that well-known URL endpoint and if it does exist, open it in a browser. Auto-filling in the credentials when being redirected to a login page could then be done just as usual.
As with any other request a web server handles, the server is free to use whatever logic it wants to when determining where to redirect to. This spec doesn't need to make any additional normative statements for this; it's just inherent in how HTTP etc. work.
I'll add informative text clarifying this.