RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012

Source of RFC: oauth (sec)

Errata ID: 4819

Status: Reported
Type: Technical

Reported By: Lars Kemmann
Date Reported: 2016-10-05

Section 4.2.2 says:

HTTP/1.1 302 Found
Location: http://example.com/cb#
          access_token=2YotnFZFEjr1zCsicMWpAA
          &state=xyz&token_type=example&expires_in=3600

It should say:

HTTP/1.1 302 Found
Location: http://client.example.com/cb#
          access_token=2YotnFZFEjr1zCsicMWpAA
          &state=xyz&token_type=example&expires_in=3600

Notes:

In the example for section 4.2.1, the request was made with a `redirect_uri` parameter value of `redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb`. If I understand correctly, the `client` subdomain should be included in the `Location` header in the response.

Report New Errata