[OAUTH-WG] section 3.2 error in draft-ietf-oauth-v2-10

"Nick Walker" <nick@concentricsky.com> Tue, 16 November 2010 23:44 UTC

In section 3.2 of draft-ietf-oauth-v2-10:

    "... if the request is invalid, the authorization server informs
    the client by adding the following parameters to the redirection
    URI query component ..."

This leads to issuing an HTTP 302 response with an invalid Location
header if the redirect_uri parameter is missing or invalid.

I believe the correct behavior in this case is the same as in section 4.3.

Nick
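
The case described in the message above, as an added example that is not part of the original post or of the draft: an authorization endpoint that appends error parameters to the redirection URI only when a usable redirect_uri exists. The client registry, the exact-match rule, the function names and the direct HTTP 400 fallback are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed registry (assumption): client_id -> registered redirect URIs.
REGISTERED = {"client-1": {"https://client.example/cb"}}


def usable_redirect_uri(client_id, redirect_uri):
    """Return redirect_uri only if it is present, absolute and registered."""
    if not redirect_uri:
        return None
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        return None
    # Assumption: registration is checked by exact string match.
    if redirect_uri not in REGISTERED.get(client_id, set()):
        return None
    return redirect_uri


def authorization_error(client_id, redirect_uri, error, state=None):
    """Build (status, headers, body) for a failed authorization request."""
    target = usable_redirect_uri(client_id, redirect_uri)
    if target is None:
        # No trustworthy Location value exists, so a 302 cannot be formed.
        # Assumption: report the error directly in an HTTP 400 response.
        return 400, {"Content-Type": "text/plain"}, "invalid redirect_uri"
    parts = urlsplit(target)
    # Preserve any query the registered URI already carries, then append.
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("error", error))
    if state is not None:
        query.append(("state", state))
    location = urlunsplit(parts._replace(query=urlencode(query)))
    return 302, {"Location": location}, ""


if __name__ == "__main__":
    print(authorization_error("client-1", None, "invalid_request"))
    print(authorization_error("client-1", "https://client.example/cb",
                              "invalid_request", state="xyz"))
```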