RFC Errata
RFC 9126, "OAuth 2.0 Pushed Authorization Requests", September 2021
Source of RFC: oauth (sec)
Errata ID: 7254
Status: Reported
Type: Technical
Publication Format(s): TEXT, PDF, HTML
Reported By: Joseph Heenan
Date Reported: 2022-11-18
Section 1.1 says:
    POST /as/par HTTP/1.1
    Host: as.example.com
    Content-Type: application/x-www-form-urlencoded

    &response_type=code
    &client_id=CLIENT1234&state=duk681S8n00GsJpe7n9boxdzen
    <...>
It should say:
    POST /as/par HTTP/1.1
    Host: as.example.com
    Content-Type: application/x-www-form-urlencoded

    response_type=code
    &client_id=CLIENT1234&state=duk681S8n00GsJpe7n9boxdzen
    <...>
Notes:
In the 'Introductory Example', the POST body to the par endpoint contains an unnecessary '&' at the start. (It's perhaps technically valid, but could potentially confuse readers.)