The following errata report has been held for document update 
for RFC6749, "The OAuth 2.0 Authorization Framework". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4206

--------------------------------------
Status: Held for Document Update
Type: Editorial

Reported by: Alexander Kempgen <[email protected]>
Date Reported: 2014-12-23
Held by: Kathleen Moriarty (IESG)

Section: 4.1

Original Text
-------------
   (E)  The authorization server authenticates the client, validates the
        authorization code, and ensures that the redirection URI
        received matches the URI used to redirect the client in
        step (C).  If valid, the authorization server responds back with
        an access token and, optionally, a refresh token.

Corrected Text
--------------
   (E)  The authorization server authenticates the client, validates the
        authorization code, and ensures that the redirection URI
        received matches the redirection URI provided by the client in
        step (A).  If valid, the authorization server responds back with
        an access token and, optionally, a refresh token.

Notes
-----
AD & WG notes: The wording is better, so this is accepted, but it does mean the 
same thing.  The URI in A and C are the same.

See https://www.ietf.org/mail-archive/web/oauth/current/msg15277.html and 
responses.

Submitter notes: As written in section 4.1.3, the redirection URI in the access 
token request must match the redirection URI provided by the client in the 
authorization request (4.1.1). The URI used to redirect the user agent to the 
client in step (C) is actually different from this URI, as it contains the 
additional query parameters "code" and "state".

Affects the same sentence as Errata ID: 3500.

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title               : The OAuth 2.0 Authorization Framework
Publication Date    : October 2012
Author(s)           : D. Hardt, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
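
Added example (not part of the errata report or of RFC 6749): a minimal authorization-server sketch of the step (E) check, comparing the token request's redirect_uri with the value the client sent in step (A) rather than with the step (C) redirect URL. The client id, URIs and function names are constructed for illustration; client authentication is assumed to have happened already.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Constructed sample values (assumptions, not taken from the report).
CLIENT_ID = "client-123"
REDIRECT_URI = "https://client.example.com/cb"

# authorization code -> (client_id, redirect_uri received in step (A))
_codes = {}


def authorize(client_id, redirect_uri, state):
    """Steps (A)-(C): bind a fresh code to the step (A) redirect_uri and
    build the URL the user agent is sent to in step (C)."""
    code = secrets.token_urlsafe(16)
    _codes[code] = (client_id, redirect_uri)
    # The step (C) URL carries "code" and "state", so it is never equal
    # to the bare redirection URI from step (A). (This sketch assumes the
    # redirection URI has no query component of its own.)
    step_c_url = redirect_uri + "?" + urlencode({"code": code, "state": state})
    return code, step_c_url


def redeem(client_id, code, redirect_uri):
    """Step (E): accept the code only if it is unused, was issued to this
    client, and the redirect_uri is identical to the step (A) value."""
    bound = _codes.pop(code, None)  # pop() makes the code single-use
    if bound is None or redirect_uri is None:
        return False
    bound_client, bound_uri = bound
    if bound_client != client_id:
        return False
    # Exact string comparison against the step (A) value.
    return hmac.compare_digest(bound_uri.encode(), redirect_uri.encode())


if __name__ == "__main__":
    code, url = authorize(CLIENT_ID, REDIRECT_URI, "xyz")
    print("step (C) URL:", url)
    print("redeem with step (A) URI:", redeem(CLIENT_ID, code, REDIRECT_URI))
```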
