[OAUTH-WG] [Errata Verified] RFC7636 (5687)
RFC Errata System <rfc-editor@rfc-editor.org> Sun, 14 April 2019 16:05 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B201200E6; Sun, 14 Apr 2019 09:05:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5AdDS9NxjAm2; Sun, 14 Apr 2019 09:05:57 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 869671200DF; Sun, 14 Apr 2019 09:05:57 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 13BA1B8063D; Sun, 14 Apr 2019 09:05:56 -0700 (PDT)
To: collinsauve@gmail.com, n-sakimura@nri.co.jp, ve7jtb@ve7jtb.com, naa@google.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: kaduk@mit.edu, iesg@ietf.org, oauth@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20190414160556.13BA1B8063D@rfc-editor.org>
Date: Sun, 14 Apr 2019 09:05:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/fcvnLkdWLMQqEVJrkr0GiTbL2pE>
Subject: [OAUTH-WG] [Errata Verified] RFC7636 (5687)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Apr 2019 16:05:59 -0000
The following errata report has been verified for RFC7636, "Proof Key for Code Exchange by OAuth Public Clients". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5687 -------------------------------------- Status: Verified Type: Technical Reported by: Collin Sauve <collinsauve@gmail.com> Date Reported: 2019-04-09 Verified by: Benjamin Kaduk (IESG) Section: 5 Original Text ------------- Server implementations of this specification MAY accept OAuth2.0 clients that do not implement this extension. If the "code_verifier" is not received from the client in the Authorization Request, servers supporting backwards compatibility revert to the OAuth 2.0 [RFC6749] protocol without this extension. As the OAuth 2.0 [RFC6749] server responses are unchanged by this specification, client implementations of this specification do not need to know if the server has implemented this specification or not and SHOULD send the additional parameters as defined in Section 4 to all servers. Corrected Text -------------- Server implementations of this specification MAY accept OAuth2.0 clients that do not implement this extension. If the "code_challenge" is not received from the client in the Authorization Request, servers supporting backwards compatibility revert to the OAuth 2.0 [RFC6749] protocol without this extension. As the OAuth 2.0 [RFC6749] server responses are unchanged by this specification, client implementations of this specification do not need to know if the server has implemented this specification or not and SHOULD send the additional parameters as defined in Section 4 to all servers. Notes ----- The code_verifier is not sent in the authorization request. -------------------------------------- RFC7636 (draft-ietf-oauth-spop-15) -------------------------------------- Title : Proof Key for Code Exchange by OAuth Public Clients Publication Date : September 2015 Author(s) : N. Sakimura, Ed., J. Bradley, N. Agarwal Category : PROPOSED STANDARD Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG
- [OAUTH-WG] [Errata Verified] RFC7636 (5687) RFC Errata System