This is not really an eratta. Asome point we need to update the BCP with a updated RFC. Perhaps the time is now to start a new draft that can capture the changes in iOS, OSX and others.
John B. On Mon, Aug 26, 2019, 10:46 PM William Denniss <wdenn...@google.com> wrote: > Process-wise I'm not sure if errata should be used to capture changing > implementation details like this. We expected the implementation details > that we documented in the appendix to change, and explicitly stated that > assumption. "The implementation details herein are considered accurate at > the time of publishing but will likely change over time.". > > If updating those implementation details were in scope, then the proposed > text should needs to be revised before being accepted due to some > inaccuracies (e.g. SFSafariViewController is not a successor to > ASWebAuthenticationSession). > > Best, > William > > On Mon, Aug 26, 2019 at 12:04 PM RFC Errata System < > rfc-edi...@rfc-editor.org> wrote: > >> The following errata report has been submitted for RFC8252, >> "OAuth 2.0 for Native Apps". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid5848 >> >> -------------------------------------- >> Type: Technical >> Reported by: Bayard Bell <bayard.b...@twosigma.com> >> >> Section: Appendix B.1 >> >> Original Text >> ------------- >> Apps can initiate an authorization request in the browser, without >> the user leaving the app, through the "SFSafariViewController" class >> or its successor "SFAuthenticationSession", which implement the in- >> app browser tab pattern. Safari can be used to handle requests on >> old versions of iOS without in-app browser tab functionality. >> >> Corrected Text >> -------------- >> Apps can initiate an authorization request in the browser, without >> the user leaving the app, through the "ASWebAuthenticationSession" >> class or its successors "SFAuthenticationSession" and >> "SFSafariViewController", which implement the in-app browser tab >> pattern. The first of these allows calls to a handler registered >> for the AS URL, consistent with Section 7.2. The latter two classes, >> now deprecated, can use Safari to handle requests on old versions of >> iOS without in-app browser tab functionality. >> >> Notes >> ----- >> SFAuthenticationSession documentation reflects deprecated status: >> >> >> https://developer.apple.com/documentation/safariservices/sfauthenticationsession >> >> Here's the documentation for ASWebAuthenticationSession: >> >> >> https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC8252 (draft-ietf-oauth-native-apps-12) >> -------------------------------------- >> Title : OAuth 2.0 for Native Apps >> Publication Date : October 2017 >> Author(s) : W. Denniss, J. Bradley >> Category : BEST CURRENT PRACTICE >> Source : Web Authorization Protocol >> Area : Security >> Stream : IETF >> Verifying Party : IESG >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
