diff options
| -rw-r--r-- | 97.md | 10 |
1 files changed, 9 insertions, 1 deletions
| @@ -24,10 +24,18 @@ The response MUST be a JSON object, with the format: | |||
| 24 | ```json | 24 | ```json |
| 25 | { | 25 | { |
| 26 | "status": <"success" or "error">, | 26 | "status": <"success" or "error">, |
| 27 | "message": <OPTIONAL string message to show user in the case of an error> | 27 | "message": <OPTIONAL string message to show user in the case of an error>, |
| 28 | "redirect_url": <OPTIONAL redirect URL> | ||
| 28 | } | 29 | } |
| 29 | ``` | 30 | ``` |
| 30 | 31 | ||
| 32 | For `redirect_url`, this should be used to bring the user to where they were while initiating the login process (now with the login complete). | ||
| 33 | This should be used in a way that is compatible with a different device being used to authorize the sign in than the one being logged in on. | ||
| 34 | An example for this is checking if the sign in was attempted from this device with a cookie, if so, redirect the user to where wanted to log in, | ||
| 35 | otherwise show a "continue on device" message. | ||
| 36 | |||
| 37 | The `redirect_url` SHOULD be shown to the user and in a way that indicates it will take the user back to the app, such as `Return to website`. | ||
| 38 | |||
| 31 | HTTPS should always be used except for `.onion` services, which should be contacted using HTTP. | 39 | HTTPS should always be used except for `.onion` services, which should be contacted using HTTP. |
| 32 | 40 | ||
| 33 | Clients MAY or MAY NOT decide to implement support for `.onion` services. | 41 | Clients MAY or MAY NOT decide to implement support for `.onion` services. |