On Thu, 6 Oct 2016, Lars Kemmann wrote: > Ah, you’re right. Thanks! Should I resubmit it?
Kathleen can get it edited in-place. -Ben > > > > ~Lars > > > > From: Manger, James<mailto:james.h.man...@team.telstra.com> > Sent: Wednesday, October 5, 2016 6:07 PM > To: RFC Errata System<mailto:rfc-edi...@rfc-editor.org>; > dick.ha...@gmail.com<mailto:dick.ha...@gmail.com>; > stephen.farr...@cs.tcd.ie<mailto:stephen.farr...@cs.tcd.ie>; > kathleen.moriarty.i...@gmail.com<mailto:kathleen.moriarty.i...@gmail.com>; > hannes.tschofe...@gmx.net<mailto:hannes.tschofe...@gmx.net>; > de...@ihtfp.com<mailto:de...@ihtfp.com> > Cc: Lars Kemmann<mailto:lars.kemm...@bynalogic.com>; > oauth@ietf.org<mailto:oauth@ietf.org> > Subject: RE: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819) > > > > This errata is not quite right. It needs to use https, not http. > > Location: https://client.example.com/cb... > > -- > James Manger > > -----Original Message----- > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of RFC Errata System > Sent: Thursday, 6 October 2016 2:17 AM > To: dick.ha...@gmail.com; stephen.farr...@cs.tcd.ie; > kathleen.moriarty.i...@gmail.com; hannes.tschofe...@gmx.net; de...@ihtfp.com > Cc: lars.kemm...@bynalogic.com; oauth@ietf.org; rfc-edi...@rfc-editor.org > Subject: [OAUTH-WG] [Technical Errata Reported] RFC6749 (4819) > > The following errata report has been submitted for RFC6749, "The OAuth 2.0 > Authorization Framework". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6749&eid=4819 > > -------------------------------------- > Type: Technical > Reported by: Lars Kemmann <lars.kemm...@bynalogic.com> > > Section: 4.2.2 > > Original Text > ------------- > HTTP/1.1 302 Found > Location: http://example.com/cb# > access_token=2YotnFZFEjr1zCsicMWpAA > &state=xyz&token_type=example&expires_in=3600 > > Corrected Text > -------------- > HTTP/1.1 302 Found > Location: http://client.example.com/cb# > access_token=2YotnFZFEjr1zCsicMWpAA > &state=xyz&token_type=example&expires_in=3600 > > Notes > ----- > In the example for section 4.2.1, the request was made with a `redirect_uri` > parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. > If I understand correctly, the `client` subdomain should be included in the > `Location` header in the response. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please use > "Reply All" to discuss whether it should be verified or rejected. When a > decision is reached, the verifying party (IESG) can log in to change the > status and edit the report, if necessary. > > -------------------------------------- > RFC6749 (draft-ietf-oauth-v2-31) > -------------------------------------- > Title : The OAuth 2.0 Authorization Framework > Publication Date : October 2012 > Author(s) : D. Hardt, Ed. > Category : PROPOSED STANDARD > Source : Web Authorization Protocol > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
