This errata should also be rejected for reasons similar to https://www.rfc-editor.org/errata/eid7715 - section 4.2.2 is about the implicit flow, which returns parameters in the fragment part of the URL, not query parameters. And that kind of consistency of hostname values in examples does not warrant an errata.
On Wed, Nov 29, 2023 at 9:56 AM RFC Errata System <[email protected]> wrote: > The following errata report has been submitted for RFC6749, > "The OAuth 2.0 Authorization Framework". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7716 > > -------------------------------------- > Type: Editorial > Reported by: Alex Wilson <[email protected]> > > Section: 4.2.2 > > Original Text > ------------- > For example, the authorization server redirects the user-agent by > sending the following HTTP response (with extra line breaks for > display purposes only): > > HTTP/1.1 302 Found > Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA > &state=xyz&token_type=example&expires_in=3600 > > > Corrected Text > -------------- > For example, the authorization server redirects the user-agent by > sending the following HTTP response (with extra line breaks for > display purposes only): > > HTTP/1.1 302 Found > Location: > http://client.example.com/cb?access_token=2YotnFZFEjr1zCsicMWpAA > &state=xyz&token_type=example&expires_in=3600 > > > Notes > ----- > - Host example.com should be client.example.com to be consistent with > other examples. > - A hash is used for the query parameters when a question mark should have > been used. > > Instructions: > ------------- > This erratum is currently posted as "Reported". (If it is spam, it > will be removed shortly by the RFC Production Center.) Please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > will log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6749 (draft-ietf-oauth-v2-31) > -------------------------------------- > Title : The OAuth 2.0 Authorization Framework > Publication Date : October 2012 > Author(s) : D. Hardt, Ed. > Category : PROPOSED STANDARD > Source : Web Authorization Protocol > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
