I have read with great interest both the documentation on Zimbra's REST and preauth services. I'm wondering: can both services be used in a single request?

The preauth URL allows a redirectURL parameter for directing users to somewhere other than /zimbra/mail. From preauth.txt:

"If a URL other then /zimbra/mail is desired, then you can also pass in a redirectURL:

...&redirectURL=/zimbra/h/"

Given an HTTP client that properly handles the cookie, redirect, etc. would one of the REST URLs be an acceptable value for the redirect parameter? For example, suppose I requested the following URL:

/service/preauth?...&redirectURL=/zimbra/home/schemers/inbox.atom

Would this allow me to get the contents of a user's inbox without needing to have their password (given a correct preauth value, of course)?