Given the raw “me” URL the use is trying to authenticate as, fetch it and follow redirects until either the end of the chain is reached, a redirect loop is encountered or the scheme changes.
The simplest case, where fetching the given “me” URL results in no redirect.
Given a “me” URL of http://waterpigs.co.uk, which redirects nowhere, the result should be http://waterpigs.co.uk/ (secure) — note the trailing slash, a product of normalising the URL.
Just like the previous case except with one, non-scheme-altering redirect between the me URL and the final rel-me document URL.
Given a “me” URL of http://example.org, which redirects to http://foo.com/, the result should be http://foo.com/ (secure).
Just like the previous case but with multiple non-scheme-altering redirects.
Given a “me” URL of http://example.org, which redirects to http://example.com, which in turn redirects to http://foo.com/, the result should be http://foo.com/ (secure).
Just like the first case but with https.
Given a “me” URL of https://example.org, which doesn’t redirect anywhere, the result should be https://example.org/ (secure).
Given a “me” URL of http://example.org, which redirects to https://example.com/ (note change from HTTP to HTTPS), the result should be https://example.com/ (insecure).