RFC Errata
RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012
Note: This RFC has been updated by RFC 8252, RFC 8996
Source of RFC: oauth (sec)
See Also: RFC 6749 w/ inline errata
Errata ID: 5708
Status: Verified
Type: Editorial
Publication Format(s): TEXT
Reported By: Brian Campbell
Date Reported: 2019-04-29
Verifier Name: Roman Danyliw
Date Verified: 2024-01-17
Sections 3.1 and 3.2 say:
Parameters sent without a value MUST be treated as if they were omitted from the request. The authorization server MUST ignore unrecognized request parameters. Request and response parameters MUST NOT be included more than once.
It should say:
Parameters sent without a value MUST be treated as if they were omitted from the request. The authorization server MUST ignore unrecognized request parameters. Request and response parameters defined by this specification MUST NOT be included more than once.
Notes:
Adds the text "defined by this specification" to the last sentence to clarify that the restriction only applies to parameters defined in RFC 6749 and not to unrecognized parameters or parameters defined by extension.
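One way an authorization server's request parsing could apply the three sentences as corrected; this is an added example, not text from RFC 6749 or from the erratum. Assumptions: the RFC6749_REQUEST_PARAMS list was compiled for this example, `example_ext` is a hypothetical extension parameter, and empty-valued parameters are dropped before duplicates are counted.

```python
from urllib.parse import parse_qsl

# Request parameters defined by RFC 6749 itself (list compiled for this example).
RFC6749_REQUEST_PARAMS = frozenset({
    "response_type", "client_id", "client_secret", "redirect_uri", "scope",
    "state", "grant_type", "code", "username", "password", "refresh_token",
})


class DuplicateParameter(ValueError):
    """A parameter defined by RFC 6749 appeared more than once."""


def normalize_request(query, extensions=frozenset()):
    """Apply the rules of Sections 3.1 and 3.2 as corrected by the erratum.

    `extensions` names the extension-defined parameters this server
    supports (hypothetical here). Returns {name: [values, ...]}.
    """
    params = {}
    # keep_blank_values=True so "name=" is visible and dropped explicitly.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if value == "":
            continue  # sent without a value: treat as omitted
        if name not in RFC6749_REQUEST_PARAMS and name not in extensions:
            continue  # unrecognized: ignore, even if repeated
        params.setdefault(name, []).append(value)
    for name, values in params.items():
        # Corrected rule: only parameters defined by the specification
        # are restricted to a single occurrence.
        if name in RFC6749_REQUEST_PARAMS and len(values) > 1:
            raise DuplicateParameter(name)
    return params


if __name__ == "__main__":
    # Constructed sample requests.
    ok = ("response_type=code&client_id=client-123&state="
          "&unknown=1&unknown=2&example_ext=a&example_ext=b")
    print(normalize_request(ok, extensions={"example_ext"}))
    try:
        normalize_request("response_type=code&client_id=a&client_id=b")
    except DuplicateParameter as exc:
        print("rejected: duplicate", exc)
```

Under the original wording, the repeated `example_ext` in the first request would also have been rejected; the erratum limits the rejection to the second request.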