When using a rewriting proxy sever, I would like to have the Zotero application save URLs in native vendor representation, e.g.

Zotero should already do this and does for me. Could you provide specific examples where it doesn't?

The prefix vs. proxy schema part is different from the current behavior, though, isn't it? And while I don't know anything about this, to the extent that it is an issue, the prefix method may have advantages:

Also, some resources have special authentication hooks used by the proxy servers that are only activated when specific entry points are used. Loading the deep link URL directly can bypass these authentication hooks in some cases, leaving the user unable to retrieve the content. Using the proxy prefix method ensures that these authentication hooks are executed.

Using a prefix would also seem to be more stable than the proxy schema that includes a hostport [fixed typo].

| | When using a rewriting proxy sever, I would like to have the Zotero application
| | save URLs in native vendor representation, e.g.

| Zotero should already do this and does for me. Could you provide specific
| examples where it doesn't?

I am not seeing unproxied URLs saved in the app:

https://123456789-p1-y-https-go-gale-com.proxy.example.edu/ps/i.do?p=AONE&u=12345&v=2.1&it=r&id=GALE|A624182319&inPS=true&linkSource=interlink&sid=AONE

If you can point me in the right direction for how to ensure that these are cleaned up between the browser plugin and the app, I will happily work on a patch for this.

| Reload via Proxy is just a recent convenience feature for when you end up on a
| domain that you haven't previously accessed via your configured proxy (which
| generally wouldn't be the case for sites you've previously saved from via the
| Connector). Once you do, it will be registered as an associated domain and Reload
| via Proxy will no longer be necessary for that site.

Reload via proxy has an issue when "%a" is used in the proxy scheme.

With "https://%a-y-https-%h.proxy.example.edu/%p" as the pattern, Reload via proxy yields this URL:

"https://-y-https-www-vendor-com.proxy.example.edu/path/to/article"

Since in this case %a is intended to cover a session ID and server ID in the schema for the proxied URL, the resulting URL is completely meaningless. Even if this were not, this style of URL does not work to start a new session on Muse Knowledge Proxy, as it is a multi-tenant application, and behaves differently than EZProxy does (see one of my next comments for more information on this).

| None of this needs to be or should be a plugin.

I am not proposing a new plugin, just a tweak to the current behavior to improve usability for those who use multiple proxy servers (faculty at institution A & student at institution B; student at institution C taking classes at an extension campus of institutionD, etc).

| I'm not sure what those "special authentication hooks" would be.

I am speaking specifically about the special interactions between the proxy server and the vendor platform, primarily on ebook platforms that are used to communicate the concept of an anonymized user between the proxy and the vendor using proprietary authentication API hooks between the proxy and the vendor.

| EZproxy (which constitutes the vast majority of proxy usage)

My interest in this is to make Zotero a viable option for the 300 institutions using the Muse Knowledge Proxy platform that I support.

| While Zotero doesn't actually store proxied
| URLs, you should be able to store a proxied URL and retrieve it later — or, say,
|restore a previously loaded tab — without going to a different, special login URL.

That is not the behavior that I am currently seeing (see comment above for specific URL and the proxy schema that was used. Also, I have citations from several years ago that do have a proxy prefix in the record URL, so this may be a legacy behavior that has since changed (see previous comment for an example).

I understand what your are saying about persistent URLs, but this software has a long history going back decades now, and was originally part of a much larger software stack, so some of this is carry over from design decisions that were made long ago for a completely different purpose. Just like how I wish EZProxy had never supported non-RFC compliant "url=" behavior that leads to amazing and complex to unwind failures, if I had a time machine, I would go back and ask the developers to choose a different design for the behavior of this one piece of the platform. Sometimes we have to work within the limits of what we are given and push for changes as we can.

The leading value is part session identifier, part internal application identifier, so technically, yes, it is possible to get back to a login flow for the application using one of those URLs in the short term (and is actually being used to do so in my patch, similar to the code that probes for the EZproxy hostname), but for long term use, it would require us to guarantee internal implementation details will not change that I just do not feel comfortable guaranteeing due to other parts in the proxy architecture that may require changes that cannot be made backwards compatible as we scale and grow.

Therefore, it is much cleaner and more long-term sustainable to use a prefixed entry point with vendor native URLs instead of relying on internal implementation details that are exposed in the rewritten hostname.

This is not any worse than platforms like EBSCO where users cannot take browser bar URLs and paste them into documents due to SID values and other transient data in the URLs, so it is not without precedence. I have worked hard to ensure that when users use the platform's "Cite" functionality on the platform's web pages that those URLs are pristine and not rewritten, so this is limited in scope to just the browser location URL handling, not the actual citation data provided by the platform.

Regarding best practice, sites using a rewriting proxy have been encouraged to use the prefixed method of access going back decades now. The embedded hostname style access (www.vendor.com.proxy.example.edu) just happens to work for EZProxy, but is not guaranteed to work by OCLC, it is just a happy accident that it does work most of the time. OCLC reserves the right to change that at any time without any guarantees of backwards compatibility, just like their internal "ezp.2" internal link format could change at any time as well.

If you look at Innovative Interface's WAM proxy links, their format is similar since it was a fork of EZProxy from long ago (if I remember correctly, their links are formatted as "0-www.vendor.com.proxy.example.edu", where the first number is the port number, with 0 representing the default port 80).

I have not yet seen OpenAthens proxy behavior first hand, but I do know that sites converting to OpenAthens must first "Athenize" their URLs into a prefix style link so that users will either be redirected straight to vendor platform's SAML entry point and prompted for SAML authentication if they do not already have a SAML session OR use the OpenAthens rewriting proxy platform as a fallback for resources that are not SAML authenticated.

So that's what I mean when talk about best practices in a rewriting proxy environment -- taking the native vendor URL and prefixing it, as that is the defacto standard way that all of these platforms work today, and why I think it would be a great thing for Zotero to accommodate the prefix style access in a way that makes it as painless for the user as possible.

I disagree with your statement that "there's no particular reason for a given host to be associated with more than one proxy", however, because it is absolutely common for institutions to have different subscriptions on aggregator and journal platforms that have a common hostnames. Say that a user is a doctoral student at University A, but an adjunct professor at College B. University A has certain resources for their doctoral students at ProQuest, but College B has a completely different set of resources for their baccalaureate programs, yet both use "search.proquest.com" as the host. I do not see how Zotero has enough context solely based on the hostname to differentiate between the access method for those two institutions that the same user has access to content through. Either choice could be wrong -- the doctoral content is not available through College B's proxy, and the baccalaureate resources are not available through University A's proxy. This the scenario that I have in mind when I suggest that there are use cases that would seem to have room for improvement for users who fall into this category.

Anyway, I will get access setup to the proxy platform next week and work with Adomas to get the patch up to speed for inclusion. I feel that the patch is fairly close now, and just needs a few tweaks to have everything fall into place given what you have said about the intent being to keep URLs clean and free from access details.

That is the first step in all of this, and a few months ago, I would have said that the rest sounds like a great conversation to hash out around a table at a conference, but unfortunately we may have to settle for something a bit less personal these days.