{"id":742,"date":"2018-10-24T00:34:38","date_gmt":"2018-10-23T22:34:38","guid":{"rendered":"https:\/\/www.dereckson.be\/blog\/?p=742"},"modified":"2018-10-24T00:34:40","modified_gmt":"2018-10-23T22:34:40","slug":"implement-well-known-change-password","status":"publish","type":"post","link":"https:\/\/www.dereckson.be\/blog\/2018\/10\/24\/implement-well-known-change-password\/","title":{"rendered":"Implement \/.well-known\/change-password"},"content":{"rendered":"\n

The \/.well-known\/change-password<\/strong>\u00a0is a new URL provided by Safari to allow to redirect the user on the location they can change their password.<\/p>\n\n\n\n

As an application developer or as an operations engineer, you can consider two convenient places where to implement this redirect.<\/p>\n\n\n\n

\n
\n

Application code<\/h3>\n\n\n\n

As an application developer, you can consider if it’s the responsibility of your own application to provide such a redirect.<\/p>\n\n\n\n

That’s probably the case if the URL isn’t trivial: for example Phabricator and Jenkins include the username in the settings page.<\/p>\n<\/div>\n\n\n\n

\n

Web server configuration<\/h3>\n\n\n\n

The other obvious place to implement the redirect is the web server configuration.<\/p>\n\n\n\n

A 301 redirect<\/a>\u00a0indicates to the browser the resource has been moved permanently, and as such, seems the more convenient choice. The target page should be the account settings \/ credentials page.\u00a0 Ideally, HTTPS should be enforced, as we update credentials.<\/p>\n<\/div>\n<\/div>\n\n\n\n

Who already implement this?<\/h3>\n\n\n\n

Currently, the redirect seems implemented in proprietary sites like GitHub or open source applications like Mastodon.<\/p>\n\n\n\n

An example implementation: nginx + Bugzilla<\/h3>\n\n\n\n

In the front-end nginx server block, in addition to a proxy_pass to the back-end, you can include the following\u00a0 code:<\/p>\n\n\n\n

    location \/.well-known\/change-password {\n        return 301 https:\/\/$host\/userprefs.cgi?tab=account;\n    }<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
The \/.well-known\/change-password is a new URL provided by Safari to allow to redirect the user on the location they can change their password.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49,50],"tags":[],"class_list":["post-742","post","type-post","status-publish","format-standard","hentry","category-dev","category-sysadmin"],"_links":{"self":[{"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/posts\/742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/comments?post=742"}],"version-history":[{"count":1,"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/posts\/742\/revisions"}],"predecessor-version":[{"id":743,"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/posts\/742\/revisions\/743"}],"wp:attachment":[{"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/media?parent=742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/categories?post=742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dereckson.be\/blog\/wp-json\/wp\/v2\/tags?post=742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}