Thursday, May 30, 2019

Should the client use the same signature method for 301 redirects?

We have a customer who is using one of our REST services. The resource they are requesting has moved to a new location. We are responding with a 301 redirect, but when the client attempts to access the new location provided in the redirect response, they get an invalid authorization error. It was root caused to be that the required signature method for the authorization is not being used when accessing the new location.

The customer is arguing that we need to change our service since the request for their original resource is failing. Is there any clear specification about how the httpclient is expected to respond to the 301 redirect? Should they be using the same signature method for accessing the newly provided URL in the 301 redirect?

I've been reading the specification, but it doesn't seem to be clear. Am I missing anything in the specification or is there a defined industry standard best practice on how this is handled?
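An added example, not part of the original post or the service it describes: when a signature covers the request URL, a header computed for the old location does not verify at the new one, so a client that follows the 301 has to sign again with the same method. The HMAC scheme, URLs, secret, trusted-host list and function names are all assumptions made for this sketch.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values; none of these come from the original post.
SECRET = b"demo-shared-secret"
OLD_URL = "https://api.example.test/v1/reports/42"
NEW_URL = "https://api.example.test/v2/reports/42"
TRUSTED_HOSTS = {"api.example.test"}


def sign(method, url):
    """Hypothetical scheme: HMAC-SHA256 over the method and the full URL."""
    msg = f"{method}\n{url}".encode()
    return "HMAC-SHA256 " + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def may_sign_for(url):
    """Only sign for HTTPS URLs on hosts this client already trusts."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in TRUSTED_HOSTS


def server(method, url, authorization):
    """Toy service: the old URL answers 301, the new URL verifies the signature."""
    if url == OLD_URL:
        return 301, {"Location": NEW_URL}
    if url == NEW_URL and authorization is not None \
            and hmac.compare_digest(authorization, sign(method, url)):
        return 200, {}
    return 401, {}


def fetch(url, on_redirect, max_hops=5):
    """Follow 301s by hand. on_redirect: 'resign', 'replay' or 'drop'."""
    auth = sign("GET", url)
    for _ in range(max_hops):
        status, headers = server("GET", url, auth)
        if status != 301:
            return status
        url = headers["Location"]
        if on_redirect == "resign":
            if not may_sign_for(url):
                raise ValueError("redirect target is not a trusted host")
            auth = sign("GET", url)   # same method, new URL
        elif on_redirect == "drop":
            auth = None               # header not forwarded to the new location
        # 'replay' keeps the header computed for the old URL
    raise RuntimeError("too many redirects")
```

Only the `resign` path reaches the moved resource; the host check keeps the client from producing signatures for a `Location` it has no reason to trust.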


