[OAUTH-WG] [Technical Errata Reported] RFC6749 (5332)
RFC Errata System <rfc-editor@rfc-editor.org> Tue, 24 April 2018 14:33 UTC
To: dick.hardt@gmail.com, kaduk@mit.edu, ekr@rtfm.com, Hannes.Tschofenig@gmx.net, rifaat.ietf@gmail.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: donald.coffin@reminetworks.com, oauth@ietf.org, rfc-editor@rfc-editor.org
Date: Tue, 24 Apr 2018 07:32:38 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cu_v-uxexKm0RN5ActUA2utl73Y>

The following errata report has been submitted for RFC6749,
"The OAuth 2.0 Authorization Framework".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5332

--------------------------------------
Type: Technical
Reported by: Donald F Coffin <donald.coffin@reminetworks.com>

Section: 4.1

Original Text
-------------
(B) The authorization server authenticates the resource owner (via the user-agent) and establishes whether the resource owner grants or denies the client's access request.

Corrected Text
--------------
(B) The authorization server validates the request to ensure that all required parameters are present and valid. If the request is valid, the authorization server authenticates the resource owner and obtains an authorization decision (by asking the resource owner via the user-agent or by use of other established approval means).

Notes
-----
"Section 4.1 Authorization Code Grant (B)" conflicts with "Section 4.1.1 Authorization Request". The current verbiage implies the resource owner should be authenticated prior to "The authorization server validates the request to ensure that all required parameters are present and valid". Such implementations lead to overly complex user experiences when the Authorization Server determines the request is invalid.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title            : The OAuth 2.0 Authorization Framework
Publication Date : October 2012
Author(s)        : D. Hardt, Ed.
Category         : PROPOSED STANDARD
Source           : Web Authorization Protocol
Area             : Security
Stream           : IETF
Verifying Party  : IESG
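
The ordering proposed in the corrected text, as an added example that is not part of the original message or of RFC 6749: an authorization endpoint handler that validates the Section 4.1.1 request parameters before it authenticates the resource owner. The client registry, the function name and the returned `(action, detail)` tuples are assumptions made for illustration.

```python
from urllib.parse import urlencode

# Constructed client registry (hypothetical values, not from the RFC).
CLIENTS = {"client-abc": {"redirect_uris": {"https://client.example/cb"}}}


def handle_authorization_request(params, session_user=None):
    """Decide the next step for an authorization request (RFC 6749, 4.1.1).

    Returns (action, detail) where action is one of:
    "error_page", "redirect", "login", "consent".
    """
    client = CLIENTS.get(params.get("client_id"))
    # Unknown client or unregistered redirect_uri: show an error page and
    # never redirect the user-agent to the supplied URI (section 4.1.2.1).
    if client is None:
        return ("error_page", "unknown client_id")
    redirect_uri = params.get("redirect_uri")
    if redirect_uri is None and len(client["redirect_uris"]) == 1:
        # redirect_uri is optional when exactly one URI is registered.
        redirect_uri = next(iter(client["redirect_uris"]))
    if redirect_uri not in client["redirect_uris"]:
        return ("error_page", "invalid redirect_uri")

    def redirect_error(code):
        # Other errors go back to the client, echoing "state" if present.
        # Assumes the registered URI carries no query component of its own.
        query = {"error": code}
        if "state" in params:
            query["state"] = params["state"]
        return ("redirect", f"{redirect_uri}?{urlencode(query)}")

    if "response_type" not in params:
        return redirect_error("invalid_request")
    if params["response_type"] != "code":
        return redirect_error("unsupported_response_type")

    # The request is valid: only now authenticate the resource owner,
    # so an invalid request never leads to a login prompt.
    if session_user is None:
        return ("login", "authenticate resource owner")
    return ("consent", session_user)
```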