RFC Errata
RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012
Note: This RFC has been updated by RFC 8252, RFC 8996, RFC 9700
Source of RFC: oauth (sec)
Errata ID: 5234
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Randip Kumar Malakar
Date Reported: 2018-01-12
Section 2.1. says:
public
    Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.
It should say:
public
    Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the third-party (not resource owner but another end user), such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.
Notes:
I think that, in the case of the public client type, it should state "e.g., the clients executing on the device used by a third party and not the actual resource owner", as mentioned in the original RFC. I leave it to the author or experts to review my remark. Thanks.
