RFC Errata



RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012

Source of RFC: oauth (sec)

Errata ID: 5234
Status: Reported
Type: Technical
Publication Format(s): TEXT

Reported By: Randip Kumar Malakar
Date Reported: 2018-01-12

Section 2.1. says:

   public
      Clients incapable of maintaining the confidentiality of their
      credentials (e.g., clients executing on the device used by the
      resource owner, such as an installed native application or a web
      browser-based application), and incapable of secure client
      authentication via any other means.

It should say:

   public
      Clients incapable of maintaining the confidentiality of their
      credentials (e.g., clients executing on the device used by the
      third-party (not resource owner but another end user), such as an
      installed native application or a web
      browser-based application), and incapable of secure client
      authentication via any other means.

Notes:

I think that, in the case of the public client type, it should state "e.g., the clients executing on the device used by a third party and not the actual resource owner", as mentioned in the original RFC. I leave it to the author or experts to review my remark. Thanks.
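The definition quoted above separates public clients from confidential ones, and the consequence lands at the token endpoint: a confidential client must authenticate (RFC 6749 Sections 2.3 and 4.1.3), whereas a public client is only identified by its client_id and the server must not treat it as authenticated. The toy token endpoint below is an added example; it is not code from RFC 6749 or from the erratum, and the client registry, the sample authorization codes and the function names (CLIENTS, sample_codes, identify_client, token_request) are constructed assumptions for illustration.

```python
"""Toy RFC 6749 token endpoint showing how client type changes client handling.

Added example with constructed data; not from RFC 6749 or the erratum.
"""
import base64
import binascii
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import quote, unquote


@dataclass(frozen=True)
class Client:
    client_id: str
    client_type: str                # "confidential" or "public" (RFC 6749 Section 2.1)
    redirect_uris: tuple
    secret: Optional[str] = None    # only a confidential client holds one (Section 2.3.1)


# Registered clients (constructed sample data).
CLIENTS = {
    "web-backend": Client("web-backend", "confidential",
                          ("https://app.example/cb",), secret="server-side-only-secret"),
    "native-app": Client("native-app", "public", ("com.example.app:/cb",)),
}


def sample_codes():
    """Codes issued by an earlier Section 4.1.2 response (constructed sample data)."""
    return {
        "code-A": {"client_id": "web-backend", "redirect_uri": "https://app.example/cb", "used": False},
        "code-B": {"client_id": "native-app", "redirect_uri": "com.example.app:/cb", "used": False},
    }


def basic_auth(client_id, secret):
    """Build the Section 2.3.1 header: form-urlencode id and secret, then base64."""
    raw = f"{quote(client_id, safe='')}:{quote(secret, safe='')}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


def identify_client(headers, params):
    """Return the Client behind this request, or None.

    A confidential client MUST authenticate (Section 2.3); a public client is
    merely identified by client_id and is never considered authenticated.
    """
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode()
        except (binascii.Error, UnicodeDecodeError):
            return None
        cid, _, secret = decoded.partition(":")
        client = CLIENTS.get(unquote(cid))
        # A public client has no secret the server could trust, so Basic from it fails too.
        if client is None or client.secret is None:
            return None
        if not hmac.compare_digest(client.secret.encode(), unquote(secret).encode()):
            return None
        return client
    client = CLIENTS.get(params.get("client_id", ""))
    if client is None or client.client_type == "confidential":
        return None     # a confidential client may not downgrade to client_id-only handling
    return client


def token_request(headers, params, codes):
    """Section 4.1.3 authorization-code exchange; returns (HTTP status, response body)."""
    if params.get("grant_type") != "authorization_code":
        return 400, {"error": "unsupported_grant_type"}
    client = identify_client(headers, params)
    if client is None:
        return 401, {"error": "invalid_client"}
    code = codes.get(params.get("code", ""))
    # The code must exist, be unused (Section 4.1.2: single use), have been issued
    # to this client, and carry the same redirect_uri (Section 4.1.3).
    if (code is None or code["used"] or code["client_id"] != client.client_id
            or code["redirect_uri"] != params.get("redirect_uri")):
        return 400, {"error": "invalid_grant"}
    code["used"] = True
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


if __name__ == "__main__":
    codes = sample_codes()
    print(token_request({}, {"grant_type": "authorization_code", "client_id": "web-backend",
                             "code": "code-A", "redirect_uri": "https://app.example/cb"}, codes))
    print(token_request({}, {"grant_type": "authorization_code", "client_id": "native-app",
                             "code": "code-B", "redirect_uri": "com.example.app:/cb"}, codes))
```

The first demo request is refused with invalid_client even though the client_id is valid: a client registered as confidential cannot fall back to public-client handling by omitting its secret. The second succeeds with client_id alone because the native app is registered as public, so the server's protection for it rests on redirect URI registration and single-use codes, not on any credential the app could hold.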
