The following errata report has been submitted for RFC6749, "The OAuth 2.0 Authorization Framework".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8790

--------------------------------------
Type: Technical
Reported by: Filip Skokan <[email protected]>

Section: 3.1

Original Text
-------------
Request and response parameters MUST NOT be included more than once.

Corrected Text
--------------
Request and response parameters defined by this specification MUST NOT
be included more than once. This requirement also applies to parameters
defined by extensions unless the extension explicitly defines otherwise
for a specific parameter.

Notes
-----
This builds upon verified erratum 5708
(https://www.rfc-editor.org/errata/eid5708) which added "defined by this
specification" to scope the restriction to parameters defined in RFC 6749
and not to extension-defined parameters. However, that change left
ambiguity about what rules apply to extension parameters.

Several extensions explicitly allow repeated parameters, e.g., the
"resource" parameter in RFC 8707 Section 2 ("Multiple resource parameters
MAY be used to indicate that the requested token is intended to be used
at multiple resources.") and the "resource" and "audience" parameters in
RFC 8693 Section 2.1.

The added sentence makes clear that extension parameters default to not
being repeated, unless the extension defining them explicitly allows it.

See also:
https://mailarchive.ietf.org/arch/msg/oauth/l3Yp2W4QXHdCXgO3NVpC6syUMws/

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6749 (draft-ietf-oauth-v2-31)
--------------------------------------
Title               : The OAuth 2.0 Authorization Framework
Publication Date    : October 2012
Author(s)           : D. Hardt, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Stream              : IETF
Verifying Party     : IESG
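
One way a server could enforce the rule in the corrected text, as an added example that is not part of the erratum or of any RFC: parameters are single-valued by default, and only those whose extension explicitly allows repetition are collected as lists. The endpoint labels, function names and sample requests are assumptions made for this example.

```python
from urllib.parse import parse_qsl

# Parameters whose defining extension explicitly allows repetition, taken from
# the erratum's notes: "resource" (RFC 8707 Section 2) and "resource" and
# "audience" (RFC 8693 Section 2.1). The endpoint labels are hypothetical.
REPEATABLE = {
    "authorization": {"resource"},
    "token": {"resource", "audience"},
}


class DuplicateParameterError(ValueError):
    """A parameter that must appear at most once was repeated."""


def parse_oauth_params(encoded, endpoint):
    """Parse a form-encoded query or body into {name: value or [values]}."""
    allowed = REPEATABLE.get(endpoint, set())
    params = {}
    # parse_qsl percent-decodes names, so "redirect%5Furi" and "redirect_uri"
    # are compared as the same parameter. Empty values count as occurrences
    # here, a strictness choice of this example.
    for name, value in parse_qsl(encoded, keep_blank_values=True):
        if name in allowed:
            params.setdefault(name, []).append(value)
        elif name in params:
            raise DuplicateParameterError(name)
        else:
            params[name] = value
    return params


def is_acceptable(encoded, endpoint):
    """True if no single-valued parameter is repeated."""
    try:
        parse_oauth_params(encoded, endpoint)
    except DuplicateParameterError:
        return False
    return True


# Constructed sample requests (not taken from the erratum).
TOKEN_REQ = ("grant_type=client_credentials"
             "&resource=https%3A%2F%2Fa.example&resource=https%3A%2F%2Fb.example")
DUP_REDIRECT = ("response_type=code&redirect_uri=https%3A%2F%2Fclient.example%2Fcb"
                "&redirect%5Furi=https%3A%2F%2Fother.example%2Fcb")
```

Rejecting the repeated request outright, rather than taking the first or last value, keeps a front-end filter and the authorization server from disagreeing about which value is in effect.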
