The normative text in Sec 4.1.3 is correct.
redirect_uri
REQUIRED, if the "redirect_uri" parameter was included in the
authorization request as described in
Section 4.1.1, and their values MUST be identical.
The example is arguably not the best worded.
From the servers point of view the redirect_uri supplied in step A is identical
to the one it uses in step C.
From the client’s point of view they receive a authorization response back on
the redirect URI with additional parameters,
so the redirect_uri value is only part of the response URI.
I think his wording is better, but what is there is not strictly speaking
wrong.
It is in non normative text, and the normative text is correct.
I would mark it as editorial.
John B.
> On Dec 8, 2015, at 1:20 PM, Kathleen Moriarty
> <[email protected]> wrote:
>
> Hi,
>
> What do we do with the following errata, I don;t see any prior list responses:
>
> https://www.ietf.org/mail-archive/web/oauth/current/msg14033.html
>
> Thank you!
>
> --
>
> Best regards,
> Kathleen
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
