Redirection and Security Flashcards

(4 cards)

1
Q

Enforcing HTTPS

A

http://example.com → 301 Moved Permanently
Location: https://example.com

Use 301 (permanent) rather than 302 so browsers, caches and search engines learn the https URL, and carry the original path and query over to the https Location. The redirect itself is still served over plaintext HTTP and can be intercepted on a hostile network, so it is normally paired with an HSTS (Strict-Transport-Security) header on the https site so that returning browsers never make the http request at all.

2
Q

Post-Authentication Redirects (Login Flow)

A

1. User requests a protected resource (e.g. /dashboard) without a valid session
2. Server redirects to the login page: 302 Found → /login
3. Login succeeds
4. Server redirects back to the original resource: 302 Found → /dashboard

Step 4 normally works because step 2 carried the original path along in a parameter (next, return_to or similar). That value comes back from the browser and must be treated as untrusted: accept only destinations on your own site, otherwise the login page becomes an open redirect that phishing kits can chain onto a legitimate-looking login link.
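An added worked example of the four steps above, not code from the original flashcards. The host name, the parameter name `next`, the `/dashboard` default and the handler names are all assumptions; the point is the allow-list in safe_return_url, which keeps the step-4 redirect from becoming an open redirect.

```python
from typing import Optional
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed values for the example; APP_HOST is the host this app is served on.
APP_HOST = "app.example.com"
DEFAULT_AFTER_LOGIN = "/dashboard"


def redirect_to_login(requested_path: str) -> tuple:
    """Step 2 of the flow: an unauthenticated request for a protected page
    is answered with 302 to /login, carrying the original path as `next`."""
    return 302, "/login?" + urlencode({"next": requested_path})


def safe_return_url(candidate: Optional[str], app_host: str = APP_HOST,
                    default: str = DEFAULT_AFTER_LOGIN) -> str:
    """Allow-list a `next` value so the post-login redirect cannot become an
    open redirect. Accepts a single-slash relative path or an absolute https
    URL on app_host; everything else falls back to `default`."""
    if not candidate:
        return default
    # Browsers treat backslashes as slashes and strip leading whitespace;
    # normalise the same way so "/\evil.example" cannot slip past the checks.
    candidate = candidate.strip().replace("\\", "/")
    # "//evil.example" and "///evil.example" both resolve to another host
    # in a browser, even though urlsplit() sees the latter as a plain path.
    if candidate.startswith("//"):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: only https on exactly our host. A netloc such as
        # "app.example.com@evil.example" fails the comparison as intended,
        # and so does "javascript:..." (it parses as a scheme).
        if parts.scheme.lower() != "https" or parts.netloc.lower() != app_host:
            return default
        path = parts.path or "/"
    else:
        path = parts.path
    if not path.startswith("/"):
        return default  # e.g. a bare "account" with no leading slash
    # Re-emit as a host-relative URL; any fragment is dropped.
    return urlunsplit(("", "", path, parts.query, ""))


def redirect_after_login(next_param: Optional[str]) -> tuple:
    """Step 4 of the flow: after a successful login, 302 back to the
    validated original resource (or to the dashboard)."""
    return 302, safe_return_url(next_param)


if __name__ == "__main__":
    print(redirect_to_login("/dashboard"))
    print(redirect_after_login("/dashboard"))
    print(redirect_after_login("//evil.example/"))
```

The allow-list is deliberately conservative: a non-default port or an http URL on the app's own host is also rejected, because the fallback costs the user one extra click while a false accept hands an attacker a trusted-domain redirect.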

3
Q

OAuth Redirects

A

GET https://app.example.com/dashboard
User attempts to access a protected resource; the app redirects to the IdP:
302 Found
Location: https://idp.example.com/authorize?
    response_type=code
    &client_id=app-client-id
    &redirect_uri=https://app.example.com/callback
    &state=abc123
    (plus any further parameters)
redirect_uri is pre-registered with the IdP, which must compare it for an exact string match; anything looser (prefix or substring matching) lets an attacker have the code delivered to a URL they control. state is an unguessable value the app stores in the user's session before redirecting.
User enters credentials only at the IdP (the app never sees them):
https://idp.example.com/login
IdP redirects back to the registered redirect_uri with an Authorization Code:
302 Found
Location: https://app.example.com/callback?
    code=SplxlOBeZQQYbYS6WxSbIA
    &state=abc123
The app accepts the code only if state matches the value stored in the session (this is what ties the callback to the browser that started the login), then exchanges the code for tokens server-to-server.
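Both sides of the exchange above, as an added example that is not part of the original flashcards: the app builds the authorize redirect and later checks the callback, and the IdP checks redirect_uri against its registry before sending the code back. The client_id, redirect_uri, code and state values are the ones on the card; the registry dictionary, the function names and the choice to raise ValueError on failure are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registry modelling what the IdP stored when the client was
# registered. Exact strings only: no wildcards, no prefixes.
REGISTERED_CLIENTS = {
    "app-client-id": {"https://app.example.com/callback"},
}
IDP_AUTHORIZE = "https://idp.example.com/authorize"


def new_state() -> str:
    """Unguessable per-login value; store it in the user's session before
    redirecting so the callback can be tied back to this browser."""
    return secrets.token_urlsafe(32)


def build_authorize_redirect(client_id: str, redirect_uri: str, state: str) -> tuple:
    """App side, step 1: the 302 that sends the user to the IdP."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return 302, IDP_AUTHORIZE + "?" + urlencode(params)


def idp_redirect_uri_allowed(client_id: str, redirect_uri: str) -> bool:
    """IdP side: the requested redirect_uri must be string-equal to a value
    registered for this client. Prefix or substring matching would let an
    attacker receive the code at a URL they control."""
    return redirect_uri in REGISTERED_CLIENTS.get(client_id, set())


def idp_callback_redirect(client_id: str, redirect_uri: str, state: str, code: str) -> tuple:
    """IdP side, step 3: after the user logs in at the IdP, 302 back to the
    registered redirect_uri carrying the code and the unchanged state."""
    if not idp_redirect_uri_allowed(client_id, redirect_uri):
        raise ValueError("redirect_uri not registered for this client")
    return 302, redirect_uri + "?" + urlencode({"code": code, "state": state})


def extract_authorization_code(callback_url: str, expected_state: str) -> str:
    """App side, step 4: accept the code only if state matches the value
    stored in this user's session. Without this check an attacker can
    send a victim a callback URL carrying the attacker's own code and log
    the victim into the attacker's account."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    code = query.get("code", [""])[0]
    if not state or not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not tied to this session")
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


if __name__ == "__main__":
    state = "abc123"  # would be new_state() in practice
    print(build_authorize_redirect("app-client-id", "https://app.example.com/callback", state))
    _, cb = idp_callback_redirect("app-client-id", "https://app.example.com/callback",
                                  state, "SplxlOBeZQQYbYS6WxSbIA")
    print(cb)
    print(extract_authorization_code(cb, state))
```

The exact-match rule on the IdP side rejects the classic bypasses (path traversal after the registered path, a look-alike host that merely starts with the registered one), and the constant-time comparison on the app side is cheap insurance even though state is not a long-lived secret.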

4
Q

302 redirect

A

A 302 Redirect (302 Found) tells the client:
"The resource is temporarily located at a different URL. Go there for now."
It is one of the most commonly used redirects, especially in authentication and security flows.
When a server responds with 302, it:
Sends a Location header with a new URL
Tells the browser/client to immediately make another request to that URL
Does not indicate a permanent change (clients should keep using the original URL next time)
Most browsers:
Convert POST → GET after a 302, and do not re-send the form body
POST /login
→ 302 /home
→ GET /home
The spec (RFC 7231) allows but does not require that method change, so when the behaviour matters, be explicit: 303 See Other when the follow-up request must be a GET, 307 Temporary Redirect when the method and body must be preserved.
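An added, runnable illustration of the POST → 302 → GET behaviour (example code, not from the original flashcards). A constructed server bound to localhost answers POST /login with 302 to /home, and a minimal client follows the redirect with the method rules a browser applies; a second route that answers with 307 shows the contrast. The paths, the /login-307 route and the `user=alice` body are all assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo server bound to localhost only; nothing here is a real site.
# It records every request it handles so we can see what the client sent
# after following each redirect.
SEEN = []


class RedirectDemo(BaseHTTPRequestHandler):
    def _redirect(self, status, location):
        self.send_response(status)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def _ok(self):
        self.send_response(200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        SEEN.append(("POST", self.path))
        if self.path == "/login":          # the card's case: 302 after login
            self._redirect(302, "/home")
        elif self.path == "/login-307":    # same flow with a method-preserving 307
            self._redirect(307, "/home")
        else:
            self._ok()

    def do_GET(self):
        SEEN.append(("GET", self.path))
        self._ok()

    def log_message(self, *args):  # keep the demo quiet
        pass


def next_method(method: str, status: int) -> str:
    """Method a browser uses for the request to Location, per the Fetch
    standard: 301/302 turn POST into GET, 303 turns anything but GET/HEAD
    into GET, 307/308 keep the method (and body) unchanged."""
    if status in (301, 302) and method == "POST":
        return "GET"
    if status == 303 and method not in ("GET", "HEAD"):
        return "GET"
    return method


def request_following_redirects(host, port, method, path, body=None, max_hops=5):
    """Minimal client that follows redirects the way a browser does and
    returns the list of (method, path, status) hops it made."""
    hops = []
    for _ in range(max_hops):
        conn = http.client.HTTPConnection(host, port)
        conn.request(method, path, body=body)
        resp = conn.getresponse()
        resp.read()
        hops.append((method, path, resp.status))
        location = resp.getheader("Location")
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            return hops
        method = next_method(method, resp.status)
        if method == "GET":
            body = None          # the form body is not re-sent on a GET
        path = location          # Location is relative here; a real client resolves it
    raise RuntimeError("too many redirects")


def run_demo():
    """Start the server on an ephemeral port, POST /login (302) and
    POST /login-307 (307), and return what both sides observed."""
    SEEN.clear()
    server = HTTPServer(("127.0.0.1", 0), RedirectDemo)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        host, port = server.server_address
        via_302 = request_following_redirects(host, port, "POST", "/login", b"user=alice")
        via_307 = request_following_redirects(host, port, "POST", "/login-307", b"user=alice")
    finally:
        server.shutdown()
        server.server_close()
    return {"302": via_302, "307": via_307, "seen": list(SEEN)}


if __name__ == "__main__":
    for name, hops in run_demo().items():
        print(name, hops)
```

Running it shows the server receiving POST /login then GET /home for the 302 case, but POST /home (with the body replayed) for the 307 case, which is why a 307 must never point a credential-bearing POST at a host you do not control.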
