Just had this bug reported on twitter:
https://twitter.com/tcaesvk/status/751225569925144576
It's legit, I'll tweak it in the next draft, whenever that comes along.
-- Justin
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinf
The only change to the new draft is to use terminology more consistently.
Specifically, it changes the terms "issuer URL" and "configuration information
location" to "issuer identifier" so that consistent terminology is used for
this. (This is the terminology used by OpenID Connect.)
This is
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol of the IETF.
Title : OAuth 2.0 Mix-Up Mitigation
Authors : Michael B. Jones
John Bradley
