RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012

Note: This RFC has been updated by RFC 8252, RFC 8996

Source of RFC: oauth (sec)

Errata ID: 5793
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Martin May
Date Reported: 2019-07-25

Section 2.3.1 says:

   Alternatively, the authorization server MAY support including the
   client credentials in the request-body using the following
   parameters:

It should say:

   In addition to that, the authorization server MAY support including
   the client credentials in the request-body using the following
   parameters:

Notes:

Given that the authorization MUST support the HTTP Basic authentication scheme in the paragraphs just before this one, using the word "alternatively" here can be understood as "instead of", which is not the intention and can lead to confusion for implementors.

This intention is further highlighted by the use of the word MAY in the paragraph above.

Report New Errata



Advanced Search