The following errata report has been submitted for RFC6749, "The OAuth 2.0 Authorization Framework".
--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8791

--------------------------------------
Type: Technical
Reported by: Filip Skokan <[email protected]>

Section: 3.2

Original Text
-------------
Request and response parameters MUST NOT be included more than once.

Corrected Text
--------------
Request and response parameters defined by this specification MUST NOT be included more than once. This requirement also applies to parameters defined by extensions unless the extension explicitly defines otherwise for a specific parameter.

Notes
-----
Section 3.2 (Token Endpoint) contains the same text as Section 3.1 (Authorization Endpoint). Verified erratum 5708 (https://www.rfc-editor.org/errata/eid5708) addressed the identical text in Section 3.1 by adding "defined by this specification" but did not correct the same text in Section 3.2. This erratum applies both that same scoping fix and the additional extension-parameter clarification to Section 3.2.

Several extensions explicitly allow repeated parameters at the token endpoint, e.g., the "resource" parameter in RFC 8707 Section 2 ("Multiple resource parameters MAY be used to indicate that the requested token is intended to be used at multiple resources.") and the "resource" and "audience" parameters in RFC 8693 Section 2.1. The added text makes clear that extension parameters default to not being repeated, unless the extension defining them explicitly allows it.

See also: https://mailarchive.ietf.org/arch/msg/oauth/l3Yp2W4QXHdCXgO3NVpC6syUMws/

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary.
--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title            : The OAuth 2.0 Authorization Framework
Publication Date : October 2012
Author(s)        : D. Hardt, Ed.
Category         : PROPOSED STANDARD
Source           : Web Authorization Protocol
Stream           : IETF
Verifying Party  : IESG
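
A token endpoint check that follows the corrected Section 3.2 text, as an added example (not part of the erratum and not code from any OAuth implementation). The function name, exception class and sample request bodies are constructed for illustration, and limiting "audience" repetition to the RFC 8693 token-exchange grant type is an assumption of this example.

```python
from urllib.parse import parse_qsl

TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"

# Extension parameters whose defining RFC explicitly allows repetition at the
# token endpoint, per the erratum notes. Scoping "audience" to the RFC 8693
# grant type is a design choice of this example, not text from the erratum.
REPEATABLE_ANY_GRANT = frozenset({"resource"})                   # RFC 8707 Section 2
REPEATABLE_BY_GRANT = {TOKEN_EXCHANGE: frozenset({"audience"})}  # RFC 8693 Section 2.1


class DuplicateParameter(ValueError):
    def __init__(self, name):
        super().__init__(f"parameter {name!r} included more than once")
        self.name = name


def parse_token_request(body):
    """Return {name: str}, with {name: [str, ...]} for repeatable extension parameters."""
    seen = {}
    # keep_blank_values=True so a blank repeat ("scope=&scope=a") is still counted.
    for name, value in parse_qsl(body, keep_blank_values=True):
        seen.setdefault(name, []).append(value)

    # grant_type must itself be unambiguous before it selects the allowlist.
    if len(seen.get("grant_type", [])) > 1:
        raise DuplicateParameter("grant_type")
    grant = seen.get("grant_type", [None])[0]
    repeatable = REPEATABLE_ANY_GRANT | REPEATABLE_BY_GRANT.get(grant, frozenset())

    params = {}
    for name, values in seen.items():
        if name in repeatable:
            params[name] = values           # always a list, even for one value
        elif len(values) > 1:
            raise DuplicateParameter(name)  # default for core and unknown parameters
        else:
            params[name] = values[0]
    return params


# Constructed sample bodies (not taken from any real client).
SAMPLE_OK = ("grant_type=authorization_code&code=abc&client_id=c1"
             "&resource=https%3A%2F%2Fapi1.example&resource=https%3A%2F%2Fapi2.example")
SAMPLE_DUP = "grant_type=authorization_code&code=abc&client_id=c1&client_id=c2"
SAMPLE_AUD = "grant_type=authorization_code&code=abc&audience=a&audience=b"
```

Rejecting the request outright, rather than taking the first or last value, keeps components that parse the same body differently from disagreeing about which value was authorized.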
