The following errata report has been submitted for RFC6749, "The OAuth 2.0 Authorization Framework".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5793 -------------------------------------- Type: Technical Reported by: Martin May <mar...@martinmay.net> Section: 2.3.1 Original Text ------------- Alternatively, the authorization server MAY support including the client credentials in the request-body using the following parameters: Corrected Text -------------- In addition to that, the authorization server MAY support including the client credentials in the request-body using the following parameters: Notes ----- Given that the authorization MUST support the HTTP Basic authentication scheme in the paragraphs just before this one, using the word "alternatively" here can be understood as "instead of", which is not the intention and can lead to confusion for implementors. This intention is further highlighted by the use of the word MAY in the paragraph above. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6749 (draft-ietf-oauth-v2-31) -------------------------------------- Title : The OAuth 2.0 Authorization Framework Publication Date : October 2012 Author(s) : D. Hardt, Ed. Category : PROPOSED STANDARD Source : Web Authorization Protocol Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
