Given an HTTP REST service that manages identity data, for example, where a user resource is available at /Users/{id}, I would like to define a URI alias, /Me, that allows authenticated callers to access their own user information directly without needing to determine/utilize their unique resource identifier. The appropriate response and resulting resource representation would be based on the credentials provided in the Authorization header.
My question is regarding the appropriate HTTP status code to use if I want to redirect /Me callers to their corresponding user resource at /Users/{id}.
The 307 (Temporary Redirect) status code indicates that the target resource resides temporarily under a different URI
The 308 (Permanent Redirect) status code indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs.
By description, neither seems quite appropriate.
- My concern with 307 is that the target resource isn't really "temporarily" residing at a different URI.
- My concern with 308 is that the target /Me resource itself does not consistently map to a single new permanent resource URI, but rather, the redirect Location for this resource varies depending on the underlying Authorization.
Note: This question specifically relates to SCIM, but I'd like to discuss it more generally. The SCIM RFC suggests 308, but I'm trying to understand if this is an appropriate response given the aforementioned concerns. In lieu of a redirect, I may just return the user resource representation via 200 directly.
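
As an added example (not part of the original question or of any SCIM implementation), the sketch below shows the two options the question weighs for GET /Me: a 308 whose Location depends on the caller, and a direct 200. The token table, user records, and the function names resolve_subject and handle_me are hypothetical; because the response varies by credentials and 308 is cacheable by default, both paths mark the response as non-storable.

```python
# Constructed sample data: bearer token -> user id (hypothetical values).
TOKENS = {"token-alice": "2819c223", "token-bob": "902c246b"}
USERS = {
    "2819c223": {"id": "2819c223", "userName": "alice"},
    "902c246b": {"id": "902c246b", "userName": "bob"},
}


def resolve_subject(headers):
    """Return the caller's user id from the Authorization header, or None."""
    scheme, _, credential = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(credential.strip())


def handle_me(headers, redirect=True):
    """Handle GET /Me; returns (status, response_headers, body)."""
    user_id = resolve_subject(headers)
    if user_id is None:
        # Missing or unknown credentials: never guess a target resource.
        return 401, {"WWW-Authenticate": "Bearer"}, None

    location = f"/Users/{user_id}"
    # The answer depends on who is asking, so a cache must not replay one
    # caller's redirect (or representation) to another caller.
    common = {"Vary": "Authorization", "Cache-Control": "no-store"}

    if redirect:
        # Option 1: redirect to the caller's own resource.
        return 308, {**common, "Location": location}, None

    # Option 2: serve the representation directly and name the
    # canonical URI of the resource in Content-Location.
    return 200, {**common, "Content-Location": location}, USERS[user_id]
```
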