RFC Errata
RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012
Note: This RFC has been updated by RFC 8252, RFC 8996
Source of RFC: oauth (sec)
Errata ID: 5234
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Randip Kumar Malakar
Date Reported: 2018-01-12
Section 2.1. says:
public: Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.
It should say:
public: Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the third party (not the resource owner but another end user), such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.
Notes:
I think that, in the case of the public client type, it should state "e.g., the clients executing on the device used by a third party and not the actual resource owner", as mentioned in the original RFC. I leave it to the author or experts to review my remark. Thanks.
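The Section 2.1 text quoted above matters in practice at the token endpoint: a confidential client must authenticate (Section 2.3.1), while a public client can only identify itself with client_id, because any "secret" it carries sits on an end-user device and can be extracted. The following is an added illustration written for this page, not code from RFC 6749, from the errata reporter, or from any OAuth implementation. The client registry, the client names and the function names are assumptions; the rules enforced (form-urlencoding of credentials before HTTP Basic, at most one authentication method per request, and the client credentials grant being restricted to confidential clients per Section 4.4) are taken from the RFC.

```python
"""Added example: applying the RFC 6749 Section 2.1 client-type distinction
at a token endpoint. Illustrative code for this page only; the registry and
names below are assumptions, not part of the RFC or the errata report."""
import base64
import hmac
from urllib.parse import quote, unquote

# Constructed sample registry (assumption): one confidential server-side
# client that can hold a secret, and one public native app that cannot.
CLIENT_REGISTRY = {
    "web-backend": {"type": "confidential", "secret": "s3cr3t:with/special chars"},
    "mobile-app": {"type": "public"},
}


class ClientAuthError(Exception):
    """Would map to an 'invalid_client' error response (Section 5.2)."""


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the header a confidential client sends (Section 2.3.1).

    Both values are form-urlencoded before the Basic base64 step, so a ':'
    inside the secret cannot be confused with the id/secret separator.
    """
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode()).decode()


def authenticate_client(headers: dict, form: dict) -> tuple[str, str]:
    """Return (client_id, client_type) for a token request, or raise.

    Confidential clients MUST authenticate; public clients only identify
    themselves with the client_id parameter (Sections 2.3 and 3.2.1).
    Using more than one authentication method in a request is rejected
    (Section 2.3.1).
    """
    authz = headers.get("Authorization", "")
    header_creds = None
    if authz.startswith("Basic "):
        try:
            decoded = base64.b64decode(authz[6:], validate=True).decode()
        except ValueError:  # binascii.Error and UnicodeDecodeError
            raise ClientAuthError("malformed Basic credentials")
        cid, _, secret = decoded.partition(":")
        header_creds = (unquote(cid), unquote(secret))

    body_secret = form.get("client_secret")
    if header_creds is not None and body_secret is not None:
        raise ClientAuthError("more than one authentication method")

    if header_creds is not None:
        client_id, presented_secret = header_creds
    else:
        client_id, presented_secret = form.get("client_id"), body_secret
    if not client_id:
        raise ClientAuthError("no client identification")

    client = CLIENT_REGISTRY.get(client_id)
    if client is None:
        raise ClientAuthError("unknown client")

    if client["type"] == "confidential":
        if presented_secret is None or not hmac.compare_digest(
            presented_secret.encode(), client["secret"].encode()
        ):
            raise ClientAuthError("confidential client failed to authenticate")
        return client_id, "confidential"

    # Public client (Section 2.1): whatever it presents as a secret lives on
    # the end-user's device and is extractable, so it is never treated as
    # authentication. The server must rely on other protections, such as the
    # registered redirection URI (Section 3.1.2) and, for native apps, RFC 8252.
    return client_id, "public"


def token_request_allowed(headers: dict, form: dict) -> tuple[str, str]:
    """Apply the one grant-type rule that depends on client type: the client
    credentials grant MUST only be used by confidential clients (Section 4.4)."""
    client_id, client_type = authenticate_client(headers, form)
    if form.get("grant_type") == "client_credentials" and client_type != "confidential":
        raise ClientAuthError("client_credentials requires a confidential client")
    return client_id, client_type
```

The public-client branch is the point of the quoted Section 2.1 text: the server has no way to distinguish the legitimate native app from a copy of it, so the client type is fixed at registration time and the server never upgrades a public client to "authenticated" based on anything the request carries.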