[OAUTH-WG] [Technical Errata Reported] RFC6749 (4206)
RFC Errata System <rfc-editor@rfc-editor.org> Tue, 23 December 2014 14:45 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ECDD1ACEF3 for <oauth@ietfa.amsl.com>; Tue, 23 Dec 2014 06:45:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.912
X-Spam-Level:
X-Spam-Status: No, score=-106.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tP37LnbXIz9p for <oauth@ietfa.amsl.com>; Tue, 23 Dec 2014 06:45:16 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) by ietfa.amsl.com (Postfix) with ESMTP id 5707A1A8F48 for <oauth@ietf.org>; Tue, 23 Dec 2014 06:45:16 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id F08F218047D; Tue, 23 Dec 2014 06:44:37 -0800 (PST)
To: dick.hardt@gmail.com, stephen.farrell@cs.tcd.ie, Kathleen.Moriarty.ietf@gmail.com, Hannes.Tschofenig@gmx.net, derek@ihtfp.com
X-PHP-Originating-Script: 6000:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20141223144437.F08F218047D@rfc-editor.org>
Date: Tue, 23 Dec 2014 06:44:37 -0800
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/ny65T18wkw1IcXzqo850mbrtURc
Cc: alex@kempgen.de, oauth@ietf.org, rfc-editor@rfc-editor.org
Subject: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4206)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Dec 2014 14:45:17 -0000
The following errata report has been submitted for RFC6749, "The OAuth 2.0 Authorization Framework". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4206 -------------------------------------- Type: Technical Reported by: Alexander Kempgen <alex@kempgen.de> Section: 4.1 Original Text ------------- (E) The authorization server authenticates the client, validates the authorization code, and ensures that the redirection URI received matches the URI used to redirect the client in step (C). If valid, the authorization server responds back with an access token and, optionally, a refresh token. Corrected Text -------------- (E) The authorization server authenticates the client, validates the authorization code, and ensures that the redirection URI received matches the redirection URI provided by the client in step (A). If valid, the authorization server responds back with an access token and, optionally, a refresh token. Notes ----- As written in section 4.1.3, the redirection URI in the access token request must match the redirection URI provided by the client in the authorization request (4.1.1). The URI used to redirect the user agent to the client in step (C) is actually different from this URI, as it contains the additional query parameters "code" and "state". Affects the same sentence as Errata ID: 3500. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6749 (draft-ietf-oauth-v2-31) -------------------------------------- Title : The OAuth 2.0 Authorization Framework Publication Date : October 2012 Author(s) : D. Hardt, Ed. Category : PROPOSED STANDARD Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG
- [OAUTH-WG] [Technical Errata Reported] RFC6749 (4… RFC Errata System
- [OAUTH-WG] [Errata Held for Document Update] RFC6… RFC Errata System