In section 3.2 under calculating header list hash, there's an example of hashed headers. For the values:

    content-type: application/json
    etag: 742-3u8f34-3r2nvv3

this is shown as the example:

    "h": [["content-type", "etag"], "bZA981YJBrPlIzOvplbu3e7ueREXXr38vSkxIBYOaxI"]

I believe the hashed value is incorrect. The hash above is correct if the headers use "\r\n" as the separator, but the spec says to only use "\n". If only "\n" is used as the separator then (from my calculations) the hash value should be "P6z5XN4tTzHkfwe3XO1YvVUIurSuhvh_UG10N_j-aGs".

I'd love to get confirmation if I'm right/wrong. If I get a +1, then I'll submit a PR to the spec in Justin's repo (unless he beats me to it).

One additional comment: It was not explicit in the spec that text encodings should be ASCII. It might be helpful to make that explicit, as I incorrectly assumed UTF8 (and spun my wheels for an hour or so).

Also, FWIW, I'm working on (well really, almost done with) a .NET implementation of this spec. I'd love to know how much churn we expect on the RFC. Also working with me on this is Dominick, who is adding the PoP support to our IdentityServer3 implementation.

Thanks!

-Brock
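An added example, not part of the original message or of the spec: a small interop check that hashes the header list from the message under each separator choice and reports which canonicalization reproduces a given value. It assumes SHA-256 with unpadded base64url output (consistent with the 43-character values quoted above) and ASCII "name: value" lines; the function names and the trailing-separator variant are introduced here for illustration.

```python
import base64
import hashlib
from itertools import product

# Header list and the two candidate hashes, copied from the message above.
HEADERS = [("content-type", "application/json"), ("etag", "742-3u8f34-3r2nvv3")]
HASH_IN_SPEC = "bZA981YJBrPlIzOvplbu3e7ueREXXr38vSkxIBYOaxI"
HASH_FROM_MESSAGE = "P6z5XN4tTzHkfwe3XO1YvVUIurSuhvh_UG10N_j-aGs"

SEPARATORS = {"LF": "\n", "CRLF": "\r\n"}


def header_list_hash(headers, separator="\n", trailing=False):
    """Assumed scheme: SHA-256 over ASCII 'name: value' lines, unpadded base64url.

    Non-ASCII header text raises UnicodeEncodeError instead of being hashed
    under some other encoding, so an encoding mismatch fails loudly.
    """
    lines = [f"{name.lower()}: {value}" for name, value in headers]
    buffer = separator.join(lines) + (separator if trailing else "")
    digest = hashlib.sha256(buffer.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_claim(headers, separator="\n"):
    """The two-element "h" member: [list of header names, hash]."""
    names = [name.lower() for name, _ in headers]
    return [names, header_list_hash(headers, separator)]


def matching_variants(headers, expected):
    """Return every (separator label, trailing) pair that reproduces expected."""
    hits = []
    for (label, sep), trailing in product(SEPARATORS.items(), (False, True)):
        if header_list_hash(headers, sep, trailing) == expected:
            hits.append((label, trailing))
    return hits


if __name__ == "__main__":
    candidates = (("spec example", HASH_IN_SPEC), ("message", HASH_FROM_MESSAGE))
    for source, value in candidates:
        print(source, value, matching_variants(HEADERS, value) or "no variant matched")
```

A verifier that receives a hash it cannot reproduce can run the same check to tell a separator mismatch from a genuinely altered header.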