Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7716)

Brian Campbell <bcampbell@pingidentity.com> Wed, 29 November 2023 18:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Lakia3QyVXtV4twwLif3Pm47sjY>

This errata should also be rejected for reasons similar to
https://www.rfc-editor.org/errata/eid7715 - section 4.2.2 is about the
implicit flow, which returns parameters in the fragment part of the URL,
not query parameters. And that kind of consistency of hostname values in
examples does not warrant an errata.




On Wed, Nov 29, 2023 at 9:56 AM RFC Errata System <rfc-editor@rfc-editor.org>
wrote:

> The following errata report has been submitted for RFC6749,
> "The OAuth 2.0 Authorization Framework".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7716
>
> --------------------------------------
> Type: Editorial
> Reported by: Alex Wilson <hello@alexwilson.io>
>
> Section: 4.2.2
>
> Original Text
> -------------
>    For example, the authorization server redirects the user-agent by
>    sending the following HTTP response (with extra line breaks for
>    display purposes only):
>
>      HTTP/1.1 302 Found
>      Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
>                &state=xyz&token_type=example&expires_in=3600
>
>
> Corrected Text
> --------------
>    For example, the authorization server redirects the user-agent by
>    sending the following HTTP response (with extra line breaks for
>    display purposes only):
>
>      HTTP/1.1 302 Found
>      Location: http://client.example.com/cb?access_token=2YotnFZFEjr1zCsicMWpAA
>                &state=xyz&token_type=example&expires_in=3600
>
>
> Notes
> -----
> - Host example.com should be client.example.com to be consistent with
> other examples.
> - A hash is used for the query parameters when a question mark should have
> been used.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6749 (draft-ietf-oauth-v2-31)
> --------------------------------------
> Title               : The OAuth 2.0 Authorization Framework
> Publication Date    : October 2012
> Author(s)           : D. Hardt, Ed.
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG

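Added example, not part of the original message or of RFC 6749: the sketch below takes the two `Location` values quoted in the thread and shows why the fragment matters for the implicit flow. A user-agent never sends the fragment in the HTTP request, whereas a query string reaches the client's web server and its logs. The helper names `requestTarget` and `parseImplicitResponse` are hypothetical.

```javascript
// Constructed inputs: the Location values quoted in the erratum report.
const RFC_LOCATION =
  'http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA' +
  '&state=xyz&token_type=example&expires_in=3600';
const ERRATUM_LOCATION =
  'http://client.example.com/cb?access_token=2YotnFZFEjr1zCsicMWpAA' +
  '&state=xyz&token_type=example&expires_in=3600';

// Request target the user-agent sends when it follows the redirect.
// The fragment is stripped before the request is made; the query is not.
function requestTarget(location) {
  const u = new URL(location);
  return u.pathname + u.search;
}

// Client-side handling of an implicit-grant response (hypothetical helper).
// Reads parameters only from the fragment, rejects a token that arrived in
// the query component, and checks `state` against the value the client sent.
function parseImplicitResponse(location, expectedState) {
  const u = new URL(location);
  if (new URLSearchParams(u.search).has('access_token')) {
    throw new Error('access_token in query component');
  }
  const params = new URLSearchParams(u.hash.slice(1)); // drop leading '#'
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('no access_token in fragment');
  }
  return {
    accessToken,
    tokenType: params.get('token_type'),
    expiresIn: Number(params.get('expires_in')),
  };
}

console.log(requestTarget(RFC_LOCATION));     // token stays in the browser
console.log(requestTarget(ERRATUM_LOCATION)); // token would be sent to the server
console.log(parseImplicitResponse(RFC_LOCATION, 'xyz'));
```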