Also agree On May 20, 2016 9:08 AM, "John Bradley" <[email protected]> wrote:
> Agreed this should be REJECTED. > > > On May 19, 2016, at 9:22 PM, Manger, James < > [email protected]> wrote: > > > > I suggest this errata be REJECTED as token types are case-insensitive. > > > > Each field in RFC6749 that takes a token type explicitly says the value > is case insensitive. > > > > 4.2.2. Access Token Response > > > > token_type > > REQUIRED. The type of the token issued as described in > > Section 7.1. Value is case insensitive. > > > > 5.1. Successful Response > > > > token_type > > REQUIRED. The type of the token issued as described in > > Section 7.1. Value is case insensitive. > > > > When used as an HTTP authentication scheme name it is also case > insensitive. From RFC7235 "HTTP/1.1 Authentication": > > > > 2.1. Challenge and Response > > > > ... It uses a case-insensitive token as a means to identify the > authentication scheme, > > > > -- > > James Manger > > > > > > > > -----Original Message----- > > From: OAuth [mailto:[email protected]] On Behalf Of RFC Errata > System > > Sent: Thursday, 19 May 2016 6:27 PM > > To: [email protected]; [email protected]; > [email protected]; [email protected]; > [email protected] > > Cc: [email protected]; [email protected] > > Subject: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (4697) > > > > The following errata report has been submitted for RFC6749, > > "The OAuth 2.0 Authorization Framework". > > > > -------------------------------------- > > You may review the report below and at: > > http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4697 > > > > -------------------------------------- > > Type: Editorial > > Reported by: Ludwig Seitz <[email protected]> > > > > Section: 7.1 > > > > Original Text > > ------------- > > For example, the "bearer" token type defined in [RFC6750] is utilized > > by simply including the access token string in the request: > > > > > > Corrected Text > > -------------- > > For example, the "Bearer" token type defined in [RFC6750] is utilized > > by simply including the access token string in the request: > > > > > > Notes > > ----- > > RFC6750 defines the "Bearer" token type not the "bearer" token type. > > > > Instructions: > > ------------- > > This erratum is currently posted as "Reported". If necessary, please > > use "Reply All" to discuss whether it should be verified or > > rejected. When a decision is reached, the verifying party (IESG) > > can log in to change the status and edit the report, if necessary. > > > > -------------------------------------- > > RFC6749 (draft-ietf-oauth-v2-31) > > -------------------------------------- > > Title : The OAuth 2.0 Authorization Framework > > Publication Date : October 2012 > > Author(s) : D. Hardt, Ed. > > Category : PROPOSED STANDARD > > Source : Web Authorization Protocol > > Area : Security > > Stream : IETF > > Verifying Party : IESG > > > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
