RFC Errata
RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012
Note: This RFC has been updated by RFC 8252, RFC 8996
Source of RFC: oauth (sec)
Errata ID: 7715
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Alex Wilson
Date Reported: 2023-11-29
Section 4.2.2.1 says:
HTTP/1.1 302 Found Location: https://client.example.com/cb#error=access_denied&state=xyz
It should say:
HTTP/1.1 302 Found Location: https://client.example.com/cb?error=access_denied&state=xyz
Notes:
For query parameters, the hash should be a question mark.