Re: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
"Manger, James" <James.H.Manger@team.telstra.com> Wed, 05 October 2016 22:07 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0CA21294C5 for <oauth@ietfa.amsl.com>; Wed, 5 Oct 2016 15:07:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ujj-rcZJCr_W for <oauth@ietfa.amsl.com>; Wed, 5 Oct 2016 15:07:48 -0700 (PDT)
Received: from ipxbno.tcif.telstra.com.au (ipxbno.tcif.telstra.com.au [203.35.82.204]) by ietfa.amsl.com (Postfix) with ESMTP id 46F551294BF for <oauth@ietf.org>; Wed, 5 Oct 2016 15:07:46 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.31,451,1473084000"; d="scan'208";a="105621549"
Received: from unknown (HELO ipcani.tcif.telstra.com.au) ([10.97.216.200]) by ipobni.tcif.telstra.com.au with ESMTP; 06 Oct 2016 09:07:44 +1100
X-IronPort-AV: E=McAfee;i="5700,7163,8309"; a="193634380"
Received: from wsmsg3705.srv.dir.telstra.com ([172.49.40.203]) by ipcani.tcif.telstra.com.au with ESMTP; 06 Oct 2016 09:07:45 +1100
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3705.srv.dir.telstra.com ([fe80::6cf2:f98b:1f04:11fe%12]) with mapi; Thu, 6 Oct 2016 09:07:45 +1100
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>, "dick.hardt@gmail.com" <dick.hardt@gmail.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, "derek@ihtfp.com" <derek@ihtfp.com>
Date: Thu, 06 Oct 2016 09:07:43 +1100
Thread-Topic: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
Thread-Index: AdIfG4dhicfp2ZsxR/ir14K554cxrAAOGHQQ
Message-ID: <255B9BB34FB7D647A506DC292726F6E13C05AA7E63@WSMSG3153V.srv.dir.telstra.com>
References: <20161005151652.82498B80A81@rfc-editor.org>
In-Reply-To: <20161005151652.82498B80A81@rfc-editor.org>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/lcqxGEk-Po-7qI9vDaayJHvXDTw>
Cc: "lars.kemmann@bynalogic.com" <lars.kemmann@bynalogic.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 22:07:59 -0000
This errata is not quite right. It needs to use https, not http. Location: https://client.example.com/cb... -- James Manger -----Original Message----- From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of RFC Errata System Sent: Thursday, 6 October 2016 2:17 AM To: dick.hardt@gmail.com; stephen.farrell@cs.tcd.ie; Kathleen.Moriarty.ietf@gmail.com; Hannes.Tschofenig@gmx.net; derek@ihtfp.com Cc: lars.kemmann@bynalogic.com; oauth@ietf.org; rfc-editor@rfc-editor.org Subject: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819) The following errata report has been submitted for RFC6749, "The OAuth 2.0 Authorization Framework". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4819 -------------------------------------- Type: Technical Reported by: Lars Kemmann <lars.kemmann@bynalogic.com> Section: 4.2.2 Original Text ------------- HTTP/1.1 302 Found Location: http://example.com/cb# access_token=2YotnFZFEjr1zCsicMWpAA &state=xyz&token_type=example&expires_in=3600 Corrected Text -------------- HTTP/1.1 302 Found Location: http://client.example.com/cb# access_token=2YotnFZFEjr1zCsicMWpAA &state=xyz&token_type=example&expires_in=3600 Notes ----- In the example for section 4.2.1, the request was made with a `redirect_uri` parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. If I understand correctly, the `client` subdomain should be included in the `Location` header in the response. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6749 (draft-ietf-oauth-v2-31) -------------------------------------- Title : The OAuth 2.0 Authorization Framework Publication Date : October 2012 Author(s) : D. Hardt, Ed. Category : PROPOSED STANDARD Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] [Technical Errata Reported] RFC6749 (4… RFC Errata System
- Re: [OAUTH-WG] [Technical Errata Reported] RFC674… Manger, James
- Re: [OAUTH-WG] [Technical Errata Reported] RFC674… Lars Kemmann
- Re: [OAUTH-WG] [Technical Errata Reported] RFC674… Benjamin Kaduk