Process-wise I'm not sure if errata should be used to capture changing implementation details like this. We expected the implementation details that we documented in the appendix to change, and explicitly stated that assumption. "The implementation details herein are considered accurate at the time of publishing but will likely change over time.".
If updating those implementation details were in scope, then the proposed text should needs to be revised before being accepted due to some inaccuracies (e.g. SFSafariViewController is not a successor to ASWebAuthenticationSession). Best, William On Mon, Aug 26, 2019 at 12:04 PM RFC Errata System < rfc-edi...@rfc-editor.org> wrote: > The following errata report has been submitted for RFC8252, > "OAuth 2.0 for Native Apps". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid5848 > > -------------------------------------- > Type: Technical > Reported by: Bayard Bell <bayard.b...@twosigma.com> > > Section: Appendix B.1 > > Original Text > ------------- > Apps can initiate an authorization request in the browser, without > the user leaving the app, through the "SFSafariViewController" class > or its successor "SFAuthenticationSession", which implement the in- > app browser tab pattern. Safari can be used to handle requests on > old versions of iOS without in-app browser tab functionality. > > Corrected Text > -------------- > Apps can initiate an authorization request in the browser, without > the user leaving the app, through the "ASWebAuthenticationSession" > class or its successors "SFAuthenticationSession" and > "SFSafariViewController", which implement the in-app browser tab > pattern. The first of these allows calls to a handler registered > for the AS URL, consistent with Section 7.2. The latter two classes, > now deprecated, can use Safari to handle requests on old versions of > iOS without in-app browser tab functionality. > > Notes > ----- > SFAuthenticationSession documentation reflects deprecated status: > > > https://developer.apple.com/documentation/safariservices/sfauthenticationsession > > Here's the documentation for ASWebAuthenticationSession: > > > https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8252 (draft-ietf-oauth-native-apps-12) > -------------------------------------- > Title : OAuth 2.0 for Native Apps > Publication Date : October 2017 > Author(s) : W. Denniss, J. Bradley > Category : BEST CURRENT PRACTICE > Source : Web Authorization Protocol > Area : Security > Stream : IETF > Verifying Party : IESG > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
