Re: [OAUTH-WG] [Technical Errata Reported] RFC8414 (7793)

Brian Campbell <bcampbell@pingidentity.com> Wed, 31 January 2024 23:51 UTC

To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: mbj@microsoft.com, n-sakimura@nri.co.jp, RFC8414@ve7jtb.com, rdd@cert.org, paul.wouters@aiven.io, hannes.tschofenig@arm.com, rifaat.s.ietf@gmail.com, yasudakristina@gmail.com, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GguIFoKuzhuL3-T2X33i7LsGSdU>

This erratum seems legit.

On Wed, Jan 31, 2024 at 2:46 PM RFC Errata System <rfc-editor@rfc-editor.org>
wrote:

> The following errata report has been submitted for RFC8414,
> "OAuth 2.0 Authorization Server Metadata".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7793
>
> --------------------------------------
> Type: Technical
> Reported by: Kristina Yasuda <yasudakristina@gmail.com>
>
> Section: 2
>
> Original Text
> -------------
> response_types_supported
>       REQUIRED.  JSON array containing a list of the OAuth 2.0
>       "response_type" values that this authorization server supports.
>       The array values used are the same as those used with the
>       "response_types" parameter defined by "OAuth 2.0 Dynamic Client
>       Registration Protocol" [RFC7591].
>
> Corrected Text
> --------------
> response_types_supported
>       JSON array containing a list of the OAuth 2.0
>       "response_type" values that this authorization server supports.
>       This is REQUIRED unless no grant types are supported
>       that use the authorization endpoint. The array values used are
>       the same as those used with the "response_types" parameter defined by
>       "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591].
>
> Notes
> -----
> For the authorization servers that only support grant types that do not
> use the authorization endpoint (like client credentials grant), there is no
> value to put in the required `response_types_supported` parameter. At the
> same time, section 3.2 says that "Claims with zero elements MUST be omitted
> from the response." The `authorization_endpoint` parameter is already required
> for the ASs that support grant types that use the authorization endpoint,
> so it should be the same for the `response_types_supported` parameter.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC8414 (draft-ietf-oauth-discovery-10)
> --------------------------------------
> Title               : OAuth 2.0 Authorization Server Metadata
> Publication Date    : June 2018
> Author(s)           : M. Jones, N. Sakimura, J. Bradley
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>

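The conflict the erratum describes can be reproduced with a small metadata checker. This is an added example, not part of the thread or of any OAuth library: `check_metadata`, the `erratum_7793` switch and the sample documents are constructed for illustration, and it assumes only the RFC 6749 authorization code and implicit grants use the authorization endpoint.

```python
# Grant types that use the authorization endpoint (assumption: RFC 6749 only;
# extension grants are not modelled here).
AUTHZ_ENDPOINT_GRANTS = {"authorization_code", "implicit"}
# RFC 8414 default when "grant_types_supported" is omitted.
DEFAULT_GRANTS = ["authorization_code", "implicit"]


def is_string_array(value):
    return isinstance(value, list) and all(isinstance(v, str) for v in value)


def check_metadata(doc, erratum_7793=True):
    """Return problems for the claims discussed in erratum 7793.

    erratum_7793=False applies the original text, where
    response_types_supported is unconditionally REQUIRED.
    """
    problems = []
    # Section 3.2, as quoted in the erratum notes.
    for name, value in doc.items():
        if isinstance(value, (list, dict)) and len(value) == 0:
            problems.append(f"{name}: zero-element claim MUST be omitted")
    grants = doc.get("grant_types_supported", DEFAULT_GRANTS)
    if not is_string_array(grants):
        problems.append("grant_types_supported: must be a JSON array of strings")
        return problems
    uses_authz = bool(AUTHZ_ENDPOINT_GRANTS.intersection(grants))
    required = {
        "authorization_endpoint": uses_authz,
        "response_types_supported": uses_authz or not erratum_7793,
    }
    for name, is_required in required.items():
        if is_required and name not in doc:
            problems.append(f"{name}: REQUIRED")
    rts = doc.get("response_types_supported")
    if rts is not None and not is_string_array(rts):
        problems.append("response_types_supported: must be a JSON array of strings")
    return problems


# Constructed sample: an AS that only offers the client credentials grant.
CC_ONLY = {
    "issuer": "https://as.example",
    "token_endpoint": "https://as.example/token",
    "grant_types_supported": ["client_credentials"],
}

if __name__ == "__main__":
    print(check_metadata(CC_ONLY, erratum_7793=False))  # original text
    print(check_metadata(CC_ONLY))                       # corrected text
```

Under the original text the client-credentials-only document fails whether the claim is omitted or sent as an empty array; under the corrected text it passes when omitted.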