Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7715)

Aaron Parecki <aaron@parecki.com> Wed, 29 November 2023 17:57 UTC

From: Aaron Parecki <aaron@parecki.com>
Date: Wed, 29 Nov 2023 12:57:13 -0500
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: hello@alexwilson.io, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eWcO8ZYkMQLMgWD_jsIrMDZ-od0>

This errata should be rejected, as section 4.2.2.1 is about the implicit
flow, which returns parameters in the fragment part of the URL, not query
parameters.


On Wed, Nov 29, 2023 at 11:51 AM RFC Errata System <
rfc-editor@rfc-editor.org> wrote:

> The following errata report has been submitted for RFC6749,
> "The OAuth 2.0 Authorization Framework".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7715
>
> --------------------------------------
> Type: Editorial
> Reported by: Alex Wilson <hello@alexwilson.io>
>
> Section: 4.2.2.1
>
> Original Text
> -------------
>
>    HTTP/1.1 302 Found
>    Location: https://client.example.com/cb#error=access_denied&state=xyz
>
> Corrected Text
> --------------
>
>    HTTP/1.1 302 Found
>    Location: https://client.example.com/cb?error=access_denied&state=xyz
>
> Notes
> -----
> For query parameters, the hash should be a question mark.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6749 (draft-ietf-oauth-v2-31)
> --------------------------------------
> Title               : The OAuth 2.0 Authorization Framework
> Publication Date    : October 2012
> Author(s)           : D. Hardt, Ed.
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>
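
An added example, not part of the original messages: a client-side check that reads authorization response parameters from the URI component that matches the flow in use (fragment for the implicit grant in RFC 6749 section 4.2.2.1, query for the authorization code grant). The function name, result shape and the choice to reject protocol parameters found in the other component are assumptions of this sketch.

```javascript
// Added example: parse an OAuth 2.0 authorization response from a redirect URI.
// Implicit grant (response_type=token): parameters arrive in the fragment.
// Authorization code grant (response_type=code): parameters arrive in the query.
// parseAuthorizationResponse and its result shape are hypothetical names.
function parseAuthorizationResponse(redirectUri, responseType, expectedState) {
  const url = new URL(redirectUri);
  const query = url.searchParams;
  // The fragment uses the same form encoding; strip the leading "#".
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));

  let params, other;
  if (responseType === "token") {
    params = fragment; other = query;
  } else if (responseType === "code") {
    params = query; other = fragment;
  } else {
    throw new Error("unsupported response_type: " + responseType);
  }

  // Protocol parameters in the wrong component mean the response does not
  // match the flow this client started; refuse it (policy of this sketch).
  const protocolParams = ["access_token", "code", "error", "state"];
  const misplaced = protocolParams.filter((p) => other.has(p));
  if (misplaced.length > 0) {
    return { ok: false, reason: "wrong_component", misplaced };
  }
  // Check state before trusting anything else in the response.
  if (params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  if (params.has("error")) {
    return { ok: false, reason: "authorization_error", error: params.get("error") };
  }
  const key = responseType === "token" ? "access_token" : "code";
  if (!params.has(key)) {
    return { ok: false, reason: "missing_" + key };
  }
  return { ok: true, [key]: params.get(key) };
}

// The two Location values from the erratum, plus a constructed success case.
const rfcText = "https://client.example.com/cb#error=access_denied&state=xyz";
const proposedText = "https://client.example.com/cb?error=access_denied&state=xyz";
const constructedOk = "https://client.example.com/cb#access_token=constructed-token&state=xyz";
```

Because browsers do not send the fragment to the server, the implicit-grant form has to be read by script running on the redirect page, which is why this check is written for the client side.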