This errata is not quite right. It needs to use https, not http.

Location: https://client.example.com/cb...

--
James Manger

-----Original Message-----
From: OAuth [mailto:[email protected]] On Behalf Of RFC Errata System
Sent: Thursday, 6 October 2016 2:17 AM
To: [email protected]; [email protected]; 
[email protected]; [email protected]; [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)

The following errata report has been submitted for RFC6749, "The OAuth 2.0 
Authorization Framework".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4819

--------------------------------------
Type: Technical
Reported by: Lars Kemmann <[email protected]>

Section: 4.2.2

Original Text
-------------
HTTP/1.1 302 Found
Location: http://example.com/cb#
          access_token=2YotnFZFEjr1zCsicMWpAA
          &state=xyz&token_type=example&expires_in=3600

Corrected Text
--------------
HTTP/1.1 302 Found
Location: http://client.example.com/cb#
          access_token=2YotnFZFEjr1zCsicMWpAA
          &state=xyz&token_type=example&expires_in=3600

Notes
-----
In the example for section 4.2.1, the request was made with a `redirect_uri` 
parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. If 
I understand correctly, the `client` subdomain should be included in the 
`Location` header in the response.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please use "Reply 
All" to discuss whether it should be verified or rejected. When a decision is 
reached, the verifying party (IESG) can log in to change the status and edit 
the report, if necessary. 

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title               : The OAuth 2.0 Authorization Framework
Publication Date    : October 2012
Author(s)           : D. Hardt, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
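
Added example, not part of the thread or of RFC 6749: a component-by-component comparison of the section 4.2.1 `redirect_uri` against the three `Location` values discussed above (the RFC's original, erratum 4819's correction, and the https form from the reply). The function names and the choice to report differences per component are assumptions of this sketch.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# redirect_uri value from the section 4.2.1 request, as quoted in the erratum notes
REQUESTED = "https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb"

# Fragment from the section 4.2.2 example, with the folded header lines joined
FRAGMENT = ("#access_token=2YotnFZFEjr1zCsicMWpAA"
            "&state=xyz&token_type=example&expires_in=3600")

# The three Location values that appear in this thread
CANDIDATES = {
    "rfc_original": "http://example.com/cb" + FRAGMENT,
    "erratum_4819": "http://client.example.com/cb" + FRAGMENT,
    "reply": "https://client.example.com/cb" + FRAGMENT,
}

def redirect_mismatches(encoded_redirect_uri, location):
    """List the URI components where Location differs from the requested redirect_uri."""
    want = urlsplit(unquote(encoded_redirect_uri))  # decodes %3A, %2F, %2E
    got = urlsplit(location)
    diffs = []
    if want.scheme != got.scheme:        # urlsplit lowercases the scheme
        diffs.append("scheme")
    if want.hostname != got.hostname:    # hostname is lowercased as well
        diffs.append("host")
    if want.port != got.port:            # explicit ports only, defaults not normalised
        diffs.append("port")
    if want.path != got.path:
        diffs.append("path")
    if want.query != got.query:
        diffs.append("query")
    return diffs

def fragment_params(location):
    """Decode the implicit-grant response parameters carried in the fragment."""
    return {k: v[0] for k, v in parse_qs(urlsplit(location).fragment).items()}

def check_all():
    """Run the comparison for every candidate Location value."""
    return {name: redirect_mismatches(REQUESTED, loc)
            for name, loc in CANDIDATES.items()}

if __name__ == "__main__":
    for name, diffs in check_all().items():
        print(name, "matches" if not diffs else "differs in: " + ", ".join(diffs))
```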
