I suggest this errata be REJECTED as token types are case-insensitive.
Each field in RFC6749 that takes a token type explicitly says the value is case
insensitive.

  4.2.2. Access Token Response
    token_type
      REQUIRED. The type of the token issued as described in
      Section 7.1. Value is case insensitive.

  5.1. Successful Response
    token_type
      REQUIRED. The type of the token issued as described in
      Section 7.1. Value is case insensitive.

When used as an HTTP authentication scheme name it is also case insensitive.
From RFC7235 "HTTP/1.1 Authentication":

  2.1. Challenge and Response
    ... It uses a case-insensitive token as a means to identify the
    authentication scheme,
--
James Manger
-----Original Message-----
From: OAuth [mailto:[email protected]] On Behalf Of RFC Errata System
Sent: Thursday, 19 May 2016 6:27 PM
To: [email protected]; [email protected];
[email protected]; [email protected]; [email protected]
Cc: [email protected]; [email protected]
Subject: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (4697)
The following errata report has been submitted for RFC6749,
"The OAuth 2.0 Authorization Framework".
--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4697
--------------------------------------
Type: Editorial
Reported by: Ludwig Seitz <[email protected]>
Section: 7.1
Original Text
-------------
For example, the "bearer" token type defined in [RFC6750] is utilized
by simply including the access token string in the request:
Corrected Text
--------------
For example, the "Bearer" token type defined in [RFC6750] is utilized
by simply including the access token string in the request:
Notes
-----
RFC6750 defines the "Bearer" token type not the "bearer" token type.
Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.
--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title : The OAuth 2.0 Authorization Framework
Publication Date : October 2012
Author(s) : D. Hardt, Ed.
Category : PROPOSED STANDARD
Source : Web Authorization Protocol
Area : Security
Stream : IETF
Verifying Party : IESG
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
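
Added example, not part of the original thread: a sketch of how a client and a resource server can honour the case-insensitivity discussed above, for both the token_type parameter of the token response and the HTTP authentication scheme. The function names and the SUPPORTED_TOKEN_TYPES set are hypothetical, and the header parser only accepts the token68 credential form.

```python
import json
import re

# RFC 7235 section 2.1: credentials = auth-scheme 1*SP token68 (the form a bearer token takes).
_CREDENTIALS = re.compile(
    r"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+) +([A-Za-z0-9\-._~+/]+=*)$"
)

# Hypothetical allow-list, stored lowercase; values are compared after lowercasing.
SUPPORTED_TOKEN_TYPES = {"bearer"}


def token_type_from_response(body: str) -> str:
    """Return the normalized token_type of a token response (RFC 6749 section 5.1)."""
    params = json.loads(body)
    token_type = params.get("token_type")
    if not isinstance(token_type, str):
        raise ValueError("token_type is REQUIRED")
    # Only fold ASCII: Unicode case mapping can turn look-alike characters into ASCII letters.
    if not token_type.isascii():
        raise ValueError("token_type must be ASCII")
    normalized = token_type.lower()
    if normalized not in SUPPORTED_TOKEN_TYPES:
        # RFC 6749 section 7.1: a client must not use a token whose type it does not understand.
        raise ValueError(f"unsupported token_type: {token_type!r}")
    return normalized


def bearer_token_from_header(header_value: str):
    """Return the access token if the Authorization value uses the Bearer scheme, else None."""
    match = _CREDENTIALS.match(header_value.strip())
    if match is None:
        return None
    scheme, token = match.groups()
    if scheme.lower() != "bearer":  # scheme name is case-insensitive
        return None
    return token  # the token is opaque and case-sensitive; it is never normalized
```

Only the type and scheme names are folded to lowercase; the access token string is passed through byte for byte.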