RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012

Source of RFC: oauth (sec)

Errata ID: 5708
Status: Reported
Type: Editorial

Reported By: Brian Campbell
Date Reported: 2019-04-29

Section 3.1 and 3.2 says:

Parameters sent without a value MUST be treated as if they were
omitted from the request.  The authorization server MUST ignore
unrecognized request parameters.  Request and response parameters
MUST NOT be included more than once.

It should say:

Parameters sent without a value MUST be treated as if they were
omitted from the request.  The authorization server MUST ignore
unrecognized request parameters.  Request and response parameters
defined by this specification MUST NOT be included more than once.

Notes:

Adds the text "defined by this specification" to the last sentence to clarify that the restriction only applies to parameters defined in RFC 6749 and not to unrecognized parameters or parameters defined by extension.

Report New Errata