7.2 -- "If the server does not support PKCE, it does not generate error."
should read "If the server does not support PKCE it does not generate an error."
Otherwise read to go in my opinion.
On Wednesday, January 21, 2015 6:23 PM, "[email protected]"
<[email protected]> wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Proof Key for Code Exchange by OAuth Public Clients
Authors : Nat Sakimura
John Bradley
Naveen Agarwal
Filename : draft-ietf-oauth-spop-06.txt
Pages : 16
Date : 2015-01-21
Abstract:
OAuth 2.0 public clients utilizing the Authorization Code Grant are
susceptible to the authorization code interception attack. This
specification describes the attack as well as a technique to mitigate
against the threat.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spop/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-spop-06
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-spop-06
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
