The resource owner can revoke the token out of band. This errata should be rejected.
- Justin

________________________________
From: OAuth <oauth-boun...@ietf.org> on behalf of RFC Errata System <rfc-edi...@rfc-editor.org>
Sent: Thursday, August 17, 2023 2:42 PM
To: i...@justin.richer.org <i...@justin.richer.org>; r...@cert.org <r...@cert.org>; paul.wout...@aiven.io <paul.wout...@aiven.io>; hannes.tschofe...@arm.com <hannes.tschofe...@arm.com>; rifaat.s.i...@gmail.com <rifaat.s.i...@gmail.com>
Cc: sunful...@neusoft.edu.cn <sunful...@neusoft.edu.cn>; oauth@ietf.org <oauth@ietf.org>; rfc-edi...@rfc-editor.org <rfc-edi...@rfc-editor.org>
Subject: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)

The following errata report has been submitted for RFC7662,
"OAuth 2.0 Token Introspection".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7607

--------------------------------------
Type: Technical
Reported by: Fulong Sun <sunful...@neusoft.edu.cn>

Section: 2.2

Original Text
-------------
a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity

Corrected Text
--------------
a given token has been issued by this authorization server, has not been revoked by the resource owner or client, and is within its given time window of validity

Notes
-----
RFC 7009 defined a given token can be revoked by client, so should write client here.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7662 (draft-ietf-oauth-introspection-11)
--------------------------------------
Title               : OAuth 2.0 Token Introspection
Publication Date    : October 2015
Author(s)           : J. Richer, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth