Re: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)

[Benjamin Kaduk]

On Thu, 6 Oct 2016, Lars Kemmann wrote:

> Ah, you’re right. Thanks! Should I resubmit it?

Kathleen can get it edited in-place.

-Ben

>
>
>
> ~Lars
>
>
>
> From: Manger, James<mailto:james.h.man...@team.telstra.com>
> Sent: Wednesday, October 5, 2016 6:07 PM
> To: RFC Errata System<mailto:rfc-edi...@rfc-editor.org>; 
> dick.ha...@gmail.com<mailto:dick.ha...@gmail.com>; 
> stephen.farr...@cs.tcd.ie<mailto:stephen.farr...@cs.tcd.ie>; 
> kathleen.moriarty.i...@gmail.com<mailto:kathleen.moriarty.i...@gmail.com>; 
> hannes.tschofe...@gmx.net<mailto:hannes.tschofe...@gmx.net>; 
> de...@ihtfp.com<mailto:de...@ihtfp.com>
> Cc: Lars Kemmann<mailto:lars.kemm...@bynalogic.com>; 
> oauth@ietf.org<mailto:oauth@ietf.org>
> Subject: RE: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
>
>
>
> This errata is not quite right. It needs to use https, not http.
>
> Location: https://client.example.com/cb...
>
> --
> James Manger
>
> -----Original Message-----
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of RFC Errata System
> Sent: Thursday, 6 October 2016 2:17 AM
> To: dick.ha...@gmail.com; stephen.farr...@cs.tcd.ie; 
> kathleen.moriarty.i...@gmail.com; hannes.tschofe...@gmx.net; de...@ihtfp.com
> Cc: lars.kemm...@bynalogic.com; oauth@ietf.org; rfc-edi...@rfc-editor.org
> Subject: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
>
> The following errata report has been submitted for RFC6749, "The OAuth 2.0 
> Authorization Framework".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4819
>
> --------------------------------------
> Type: Technical
> Reported by: Lars Kemmann <lars.kemm...@bynalogic.com>
>
> Section: 4.2.2
>
> Original Text
> -------------
> HTTP/1.1 302 Found
> Location: http://example.com/cb#
>           access_token=2YotnFZFEjr1zCsicMWpAA
>           &state=xyz&token_type=example&expires_in=3600
>
> Corrected Text
> --------------
> HTTP/1.1 302 Found
> Location: http://client.example.com/cb#
>           access_token=2YotnFZFEjr1zCsicMWpAA
>           &state=xyz&token_type=example&expires_in=3600
>
> Notes
> -----
> In the example for section 4.2.1, the request was made with a `redirect_uri` 
> parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. 
> If I understand correctly, the `client` subdomain should be included in the 
> `Location` header in the response.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please use 
> "Reply All" to discuss whether it should be verified or rejected. When a 
> decision is reached, the verifying party (IESG) can log in to change the 
> status and edit the report, if necessary.
>
> --------------------------------------
> RFC6749 (draft-ietf-oauth-v2-31)
> --------------------------------------
> Title               : The OAuth 2.0 Authorization Framework
> Publication Date    : October 2012
> Author(s)           : D. Hardt, Ed.
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth