Discussion:
[OAUTH-WG] [Technical Errata Reported] RFC6749 (4819)
RFC Errata System
2016-10-05 15:16:52 UTC
The following errata report has been submitted for RFC6749,
"The OAuth 2.0 Authorization Framework".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4819

--------------------------------------
Type: Technical
Reported by: Lars Kemmann <***@bynalogic.com>

Section: 4.2.2

Original Text
-------------
HTTP/1.1 302 Found
Location: http://example.com/cb#
access_token=2YotnFZFEjr1zCsicMWpAA
&state=xyz&token_type=example&expires_in=3600

Corrected Text
--------------
HTTP/1.1 302 Found
Location: http://client.example.com/cb#
access_token=2YotnFZFEjr1zCsicMWpAA
&state=xyz&token_type=example&expires_in=3600

Notes
-----
In the example for section 4.2.1, the request was made with a `redirect_uri` parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. If I understand correctly, the `client` subdomain should be included in the `Location` header in the response.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title : The OAuth 2.0 Authorization Framework
Publication Date : October 2012
Author(s) : D. Hardt, Ed.
Category : PROPOSED STANDARD
Source : Web Authorization Protocol
Area : Security
Stream : IETF
Verifying Party : IESG
Manger, James
2016-10-05 22:07:43 UTC
This errata is not quite right. It needs to use https, not http.

Location: https://client.example.com/cb...

--
James Manger
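
Added example, not part of the original thread or of RFC 6749: a check that compares a Location header against the redirect_uri sent in the request, run over the three values discussed above. The folded header lines are joined, the https value is assembled here from the suggested origin plus the erratum's fragment, and the function name and the sent state value "xyz" are assumptions.

```python
from urllib.parse import urlsplit, unquote, parse_qs

# redirect_uri parameter value as quoted in the erratum notes (section 4.2.1 request)
REQUEST_REDIRECT_URI = "https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb"

# Fragment from the section 4.2.2 example, with the folded lines joined
FRAGMENT = ("access_token=2YotnFZFEjr1zCsicMWpAA"
            "&state=xyz&token_type=example&expires_in=3600")

# Constructed inputs: the RFC text, the erratum as reported, and the https variant
LOCATIONS = {
    "rfc_original": "http://example.com/cb#" + FRAGMENT,
    "erratum_as_reported": "http://client.example.com/cb#" + FRAGMENT,
    "with_https": "https://client.example.com/cb#" + FRAGMENT,
}

def redirect_mismatches(encoded_redirect_uri, location, sent_state):
    """Return the components where Location disagrees with the request."""
    want = urlsplit(unquote(encoded_redirect_uri))
    got = urlsplit(location)
    problems = []
    if got.scheme != want.scheme:
        problems.append("scheme")
    # urlsplit lowercases the hostname, so the comparison is case-insensitive
    if (got.hostname, got.port) != (want.hostname, want.port):
        problems.append("host")
    if got.path != want.path:
        problems.append("path")
    if got.query != want.query:
        problems.append("query")
    # Implicit grant parameters travel in the fragment, not the query
    params = parse_qs(got.fragment)
    for required in ("access_token", "token_type"):
        if required not in params:
            problems.append("missing " + required)
    # state must come back exactly as the client sent it (assumed "xyz" here)
    if params.get("state") != [sent_state]:
        problems.append("state")
    return problems

def check_all():
    return {name: redirect_mismatches(REQUEST_REDIRECT_URI, loc, "xyz")
            for name, loc in LOCATIONS.items()}

if __name__ == "__main__":
    for name, problems in check_all().items():
        print(name, "->", problems or "matches redirect_uri")
```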

Lars Kemmann
2016-10-06 21:25:00 UTC
Ah, you’re right. Thanks! Should I resubmit it?



~Lars



Benjamin Kaduk
2016-10-07 19:26:35 UTC
On Thu, 6 Oct 2016, Lars Kemmann wrote:

> Ah, you’re right. Thanks! Should I resubmit it?

Kathleen can get it edited in-place.

-Ben
