[OAUTH-WG] [Technical Errata Reported] RFC8414 (7793)
RFC Errata System <rfc-editor@rfc-editor.org> Wed, 31 January 2024 21:46 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ED00C14F68C for <oauth@ietfa.amsl.com>; Wed, 31 Jan 2024 13:46:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.658
X-Spam-Level:
X-Spam-Status: No, score=-1.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OgL-0fGSShlk for <oauth@ietfa.amsl.com>; Wed, 31 Jan 2024 13:46:37 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF215C14F5F8 for <oauth@ietf.org>; Wed, 31 Jan 2024 13:46:37 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 731FDE7C63; Wed, 31 Jan 2024 13:46:37 -0800 (PST)
To: mbj@microsoft.com, n-sakimura@nri.co.jp, RFC8414@ve7jtb.com, rdd@cert.org, paul.wouters@aiven.io, hannes.tschofenig@arm.com, rifaat.s.ietf@gmail.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: yasudakristina@gmail.com, oauth@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240131214637.731FDE7C63@rfcpa.amsl.com>
Date: Wed, 31 Jan 2024 13:46:37 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/TIUBvopXUqa8uHpQModmUkZBZoE>
Subject: [OAUTH-WG] [Technical Errata Reported] RFC8414 (7793)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2024 21:46:41 -0000
The following errata report has been submitted for RFC8414, "OAuth 2.0 Authorization Server Metadata". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7793 -------------------------------------- Type: Technical Reported by: Kristina Yasuda <yasudakristina@gmail.com> Section: 2 Original Text ------------- response_types_supported REQUIRED. JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports. The array values used are the same as those used with the "response_types" parameter defined by "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591]. Corrected Text -------------- response_types_supported JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports. This is REQUIRED unless no grant types are supported that use the authorization endpoint. The array values used are the same as those used with the "response_types" parameter defined by "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591]. Notes ----- For the authorization servers that only support grant types that do not use authorization endpoint (like client credentials grant), there is no value to put in the required `response_types_supported` parameter. At the same time, section 3.2 says that "Claims with zero elements MUST be omitted from the response." `authorization_endpoint`parameter is already required for the ASs that support grant types that use the authorization endpoint, so it should be the same for the `response_types_supported` parameter. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC8414 (draft-ietf-oauth-discovery-10) -------------------------------------- Title : OAuth 2.0 Authorization Server Metadata Publication Date : June 2018 Author(s) : M. Jones, N. Sakimura, J. Bradley Category : PROPOSED STANDARD Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG
- [OAUTH-WG] [Technical Errata Reported] RFC8414 (7… RFC Errata System
- Re: [OAUTH-WG] [Technical Errata Reported] RFC841… Brian Campbell