My understanding is that a permanent redirect would be telling the client (and any other clients getting cached results from an intermediary) to now stop using the original endpoint in perpetuity for all cases. I don’t think that is appropriate (in the general case) for an endpoint with request processing business logic behind it, since that logic may change over time.
-DW > On Feb 4, 2019, at 6:28 AM, Brian Campbell > <bcampbell=40pingidentity....@dmarc.ietf.org> wrote: > > Yeah, probably. > > On Sat, Feb 2, 2019 at 12:39 AM Neil Madden <neil.mad...@forgerock.com > <mailto:neil.mad...@forgerock.com>> wrote: > If we go down the 307 route, shouldn’t it rather be a 308 (permanent) > redirect? It seems unnecessary for the client to keep trying the original > endpoint or have to remember cache-control/expires timeouts. > > — Neil
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
