Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7715)

Brian Campbell <bcampbell@pingidentity.com> Wed, 29 November 2023 18:36 UTC

To: Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, hello@alexwilson.io, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/dtkQdLdax7B1AeYaSj07PW97vUg>

Agree with Aaron that this errata should be rejected.

On Wed, Nov 29, 2023 at 10:57 AM Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org> wrote:

> This errata should be rejected, as section 4.2.2.1 is about the implicit
> flow, which returns parameters in the fragment part of the URL, not query
> parameters.
>
>
> On Wed, Nov 29, 2023 at 11:51 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:
>
>> The following errata report has been submitted for RFC6749,
>> "The OAuth 2.0 Authorization Framework".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7715
>>
>> --------------------------------------
>> Type: Editorial
>> Reported by: Alex Wilson <hello@alexwilson.io>
>>
>> Section: 4.2.2.1
>>
>> Original Text
>> -------------
>>
>>    HTTP/1.1 302 Found
>>    Location: https://client.example.com/cb#error=access_denied&state=xyz
>>
>> Corrected Text
>> --------------
>>
>>    HTTP/1.1 302 Found
>>    Location: https://client.example.com/cb?error=access_denied&state=xyz
>>
>> Notes
>> -----
>> For query parameters, the hash should be a question mark.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". (If it is spam, it
>> will be removed shortly by the RFC Production Center.) Please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> will log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC6749 (draft-ietf-oauth-v2-31)
>> --------------------------------------
>> Title               : The OAuth 2.0 Authorization Framework
>> Publication Date    : October 2012
>> Author(s)           : D. Hardt, Ed.
>> Category            : PROPOSED STANDARD
>> Source              : Web Authorization Protocol
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>

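The point made in this thread, as an added example that is not part of the original messages or of RFC 6749: a client-side handler for the implicit flow reads the response parameters from the URL fragment, which the browser never sends to the server, and checks `state` before acting on them. The function name `parseImplicitRedirect`, the `expectedState` argument, the policy of rejecting OAuth parameters found in the query, and the sample token value are assumptions of this sketch.

```javascript
// Added example: handle an implicit-grant redirect (RFC 6749 section 4.2.2 / 4.2.2.1).
// parseImplicitRedirect and expectedState are hypothetical names for this sketch.
function parseImplicitRedirect(redirectUrl, expectedState) {
  const url = new URL(redirectUrl);
  // Implicit-flow parameters are form-urlencoded in the fragment, after '#'.
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  // Request target a server at the redirect URI would receive: the
  // fragment stays in the browser and is not part of the HTTP request.
  const sentToServer = url.pathname + url.search;

  // Policy of this sketch (an assumption): OAuth response parameters in the
  // query would reach server logs and Referer headers, so refuse them.
  const misplaced = ["access_token", "error", "state"].filter((k) =>
    url.searchParams.has(k)
  );
  if (misplaced.length > 0) {
    return { ok: false, reason: "params_in_query", misplaced, sentToServer };
  }
  // Check state first: it ties the response to the request this client made.
  if (fragment.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch", sentToServer };
  }
  if (fragment.has("error")) {
    return {
      ok: false,
      reason: "authorization_error",
      error: fragment.get("error"),
      sentToServer,
    };
  }
  if (!fragment.has("access_token")) {
    return { ok: false, reason: "missing_access_token", sentToServer };
  }
  return { ok: true, accessToken: fragment.get("access_token"), sentToServer };
}

// Sample inputs. The first is the RFC text quoted in the erratum, the second
// is the erratum's proposed form, the third is constructed for this example.
const SAMPLES = {
  rfcError: "https://client.example.com/cb#error=access_denied&state=xyz",
  proposed: "https://client.example.com/cb?error=access_denied&state=xyz",
  success:
    "https://client.example.com/cb#access_token=CONSTRUCTED_TOKEN&token_type=example&state=xyz",
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  console.log(name, parseImplicitRedirect(sample, "xyz"));
}
```
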