Hi Peter,
thanks, this is fixed in the (yet unpublished) version of the Security BCP.
-Daniel
Am 12.03.20 um 14:35 schrieb Pieter Philippaerts:
> Hi everyone,
>
> I hope this is the right mailing list to submit mistakes in the OAuth
> specifications...
>
> I was reading through the latest version of the OAuth 2.0 Security
> Best Current Practice (version 14) and noticed a very small error.
> Section 2.1..1 reads: "To this end, they MUST either (a) publish the
> element "code_challenge_methods_supported" in their AS metadata
> ([RFC8418])...", but the reference to RFC8418 is wrong. RFC8418 is
> totally unrelated to OAuth2 or AS metadata. I believe you wanted to
> link to RFC8414 ("OAuth 2.0 Authorization Server Metadata").
>
> The new OAuth 2.1 draft has the same text (and wrong reference) in
> section 9.7.
>
> Kind regards,
> Pieter
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
