3.1.5.5 OAuth

The OAuth resource exposes topology information of a user’s home server. The client MUST discover the OAuth URL by parsing the href of the Link element in the GET response from the Root resource.

If the request to the OAuth resource does not contain an Authorization header as specified in section 2.2.2.1, the server MUST respond with a 401 Unauthorized response.

If the request to the OAuth resource contains an invalid Authorization header as specified in section 2.2.2.1, the server MUST respond with a 403 Forbidden response.

If a valid Authorization header is provided and the user’s home server information is unknown, the server MUST respond with a 404 Not Found response code and an empty body.

If a valid Authorization header is provided and the user’s home server information exists on a separate server, the server MUST respond with a 200 OK response code and a User element. The User element MUST contain only one link with a "Redirect" token. The semantics of the "Redirect" token are described in section 2.2.5.5.

If a valid Authorization header is provided and the user’s home server information exists on the current server, the server MUST respond with a 200 response code and a User element in the body. The User element might contain any of the following links depending on what is configured in the topology.

  1. Internal/Autodiscover

  2. External/Autodiscover

  3. Internal/AuthBroker

  4. External/AuthBroker

  5. Internal/Ucwa

  6. External/Ucwa

The SipAccess types might also be present in the response depending on what is configured in the topology.
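The response rules above can be checked on the client side. The following is an added example, not code from the specification: it classifies a response from the OAuth resource and flags bodies that break the stated MUSTs. The root element name, the `Link` element with `token` and `href` attributes, the outcome labels and the sample hostnames are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip an XML namespace prefix such as '{urn:x}User' -> 'User'."""
    return tag.rsplit("}", 1)[-1]


def classify_oauth_response(status, body):
    """Map an OAuth resource response to (outcome, [(token, href), ...])."""
    if status == 401:
        return ("missing_authorization", [])
    if status == 403:
        return ("invalid_authorization", [])
    if status == 404:
        # The section requires an empty body; anything else is off-spec.
        ok = not body.strip()
        return ("home_server_unknown" if ok else "protocol_violation", [])
    if status != 200:
        return ("unexpected_status", [])
    if "<!DOCTYPE" in body:
        # Refuse DTDs so entity expansion cannot be triggered by the server.
        return ("protocol_violation", [])
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("protocol_violation", [])
    user = next((e for e in root.iter() if _local(e.tag) == "User"), None)
    if user is None:
        return ("protocol_violation", [])
    links = [(e.get("token"), e.get("href"))
             for e in user if _local(e.tag) == "Link"]
    if any(token == "Redirect" for token, _ in links):
        # A redirect answer MUST contain only the one "Redirect" link.
        if len(links) != 1:
            return ("protocol_violation", [])
        return ("redirect", links)
    return ("home_server_local", links)


# Constructed sample bodies (element layout and hostnames are assumed).
REDIRECT_BODY = ('<AutodiscoverResponse><User>'
                 '<Link token="Redirect" href="https://pool2.example.test/oauth"/>'
                 '</User></AutodiscoverResponse>')
LOCAL_BODY = ('<AutodiscoverResponse><User>'
              '<Link token="Internal/Ucwa" href="https://int.example.test/ucwa"/>'
              '<Link token="External/Ucwa" href="https://ext.example.test/ucwa"/>'
              '</User></AutodiscoverResponse>')
```
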