Hi everyone,
I hope this is the right mailing list to submit mistakes in the OAuth
specifications...
I was reading through the latest version of the OAuth 2.0 Security Best Current
Practice (version 14) and noticed a very small error. Section 2.1.1 reads: "To
this end, they MUST either (a) publish the element
"code_challenge_methods_supported" in their AS metadata ([RFC8418])...", but
the reference to RFC8418 is wrong. RFC8418 is totally unrelated to OAuth2 or AS
metadata. I believe you wanted to link to RFC8414 ("OAuth 2.0 Authorization
Server Metadata").
The new OAuth 2.1 draft has the same text (and wrong reference) in section 9.7.
Kind regards,
Pieter
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth