Agreed this should be REJECTED.

> On May 19, 2016, at 9:22 PM, Manger, James <[email protected]> wrote:
>
> I suggest this errata be REJECTED as token types are case-insensitive.
>
> Each field in RFC6749 that takes a token type explicitly says the value is
> case insensitive.
>
> 4.2.2.  Access Token Response
>
>    token_type
>          REQUIRED.  The type of the token issued as described in
>          Section 7.1.  Value is case insensitive.
>
> 5.1.  Successful Response
>
>    token_type
>          REQUIRED.  The type of the token issued as described in
>          Section 7.1.  Value is case insensitive.
>
> When used as an HTTP authentication scheme name it is also case insensitive.
> From RFC7235 "HTTP/1.1 Authentication":
>
> 2.1.  Challenge and Response
>
>    ... It uses a case-insensitive token as a means to identify the
>    authentication scheme,
>
> --
> James Manger
>
>
> -----Original Message-----
> From: OAuth [mailto:[email protected]] On Behalf Of RFC Errata System
> Sent: Thursday, 19 May 2016 6:27 PM
> To: [email protected]; [email protected];
> [email protected]; [email protected]; [email protected]
> Cc: [email protected]; [email protected]
> Subject: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (4697)
>
> The following errata report has been submitted for RFC6749,
> "The OAuth 2.0 Authorization Framework".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4697
>
> --------------------------------------
> Type: Editorial
> Reported by: Ludwig Seitz <[email protected]>
>
> Section: 7.1
>
> Original Text
> -------------
> For example, the "bearer" token type defined in [RFC6750] is utilized
> by simply including the access token string in the request:
>
>
> Corrected Text
> --------------
> For example, the "Bearer" token type defined in [RFC6750] is utilized
> by simply including the access token string in the request:
>
>
> Notes
> -----
> RFC6750 defines the "Bearer" token type not the "bearer" token type.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC6749 (draft-ietf-oauth-v2-31)
> --------------------------------------
> Title               : The OAuth 2.0 Authorization Framework
> Publication Date    : October 2012
> Author(s)           : D. Hardt, Ed.
> Category            : PROPOSED STANDARD
> Source              : Web Authorization Protocol
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
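
Added example, not part of the original thread or of any RFC text: a Python sketch of how a resource server and a client can honour the case-insensitivity rules quoted above, so that "bearer", "Bearer" and "BEARER" are all accepted. The function names and the sample token values are assumptions made for illustration.

```python
import re

# RFC 7235 section 2.1: auth-scheme is a token, then 1*SP, then credentials.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_AUTHZ_RE = re.compile(rf"^({_TOKEN}) +(\S.*)$")
# RFC 6750 section 2.1: b64token syntax for the Bearer credentials.
_B64TOKEN_RE = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def parse_authorization(header):
    """Return (scheme_lowercased, credentials), or None if malformed."""
    m = _AUTHZ_RE.match(header.strip())
    if not m:
        return None
    # Normalise only the scheme; the credentials stay case sensitive.
    return m.group(1).lower(), m.group(2).strip()


def bearer_token(header):
    """Resource server side: extract a Bearer token, scheme in any case."""
    parsed = parse_authorization(header)
    if parsed is None:
        return None
    scheme, credentials = parsed
    if scheme != "bearer" or not _B64TOKEN_RE.match(credentials):
        return None
    return credentials


def authorization_for(token_response):
    """Client side: build the header from a token response (RFC 6749 5.1)."""
    token_type = token_response["token_type"]
    if token_type.lower() != "bearer":  # "Value is case insensitive."
        raise ValueError(f"unsupported token_type: {token_type!r}")
    return "Bearer " + token_response["access_token"]


if __name__ == "__main__":
    # Constructed sample headers, not taken from the thread.
    for h in ("Bearer AbC123", "bearer AbC123", "BEARER   AbC123", "Basic dXNlcg=="):
        print(repr(h), "->", bearer_token(h))
```

A comparison such as `scheme == "Bearer"` would reject the lowercase form used in RFC 6749 section 7.1, which is the interoperability failure the case-insensitivity rule prevents.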
