Well-Known Endpoints

Endpoints used by rstream auth and session-aware upstream services.


The engine exposes well-known endpoints under /.well-known/rstream/ for session-aware HTTP integrations. These endpoints are intended for upstream services that want to surface authentication state, implement logout, or integrate rstream auth into an existing web application.

Two endpoints are defined: a session endpoint and a logout endpoint.

Session endpoint

/.well-known/rstream/session accepts GET and HEAD. When authentication cannot be resolved, the endpoint returns a response that indicates an unauthenticated state.

In builds that support rstream auth, the session response can expose which authentication method was used and which tunnel policies are active, such as token authentication, rstream auth, and challenge mode.

Logout endpoint

/.well-known/rstream/logout accepts POST. The handler enforces content-type rules and validates origin and referrer against the request host and scheme.
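
An upstream service that exposes its own state-changing routes can apply the same kind of check. The following is an added example, not rstream's own code: it assumes "origin and referrer" means the Origin and Referer request headers, the helper names and the fail-closed behaviour when both headers are absent are hypothetical, and the content-type rules are left out because this page does not list them.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(scheme, netloc):
    """Normalise to (scheme, host, port); None when it cannot be parsed."""
    scheme = scheme.lower()
    try:
        parts = urlsplit(f"{scheme}://{netloc}")
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    if not host or scheme not in DEFAULT_PORTS:
        return None
    return (scheme, host, port if port is not None else DEFAULT_PORTS[scheme])

def _header_origin(value):
    """Origin of an Origin/Referer header value, parsed rather than prefix-matched."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return None
    return _origin(parts.scheme, parts.netloc)

def logout_request_allowed(method, req_scheme, req_host, headers):
    """Hypothetical helper: return (allowed, reason), failing closed."""
    if method != "POST":
        return False, "method"
    expected = _origin(req_scheme, req_host)
    if expected is None:
        return False, "bad-host"
    hdrs = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):  # Referer is consulted only if Origin is absent
        if name in hdrs:
            ok = _header_origin(hdrs[name]) == expected
            return ok, f"{name}-{'match' if ok else 'mismatch'}"
    return False, "no-origin-or-referer"

if __name__ == "__main__":
    # Constructed sample requests; app.example.test is a placeholder host.
    for hdr in ({"Origin": "https://app.example.test:443"},
                {"Referer": "https://app.example.test.evil.test/x"},
                {}):
        print(hdr, logout_request_allowed("POST", "https", "app.example.test", hdr))
```

Comparing parsed (scheme, host, port) tuples instead of string prefixes is what rejects look-alike hosts and userinfo tricks in the header value.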