RFC 9126, "OAuth 2.0 Pushed Authorization Requests", September 2021

Errata ID: 7254
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Joseph Heenan
Date Reported: 2022-11-18

Section 1.1 says:

POST /as/par HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

&response_type=code
&client_id=CLIENT1234&state=duk681S8n00GsJpe7n9boxdzen
<...>

It should say:

POST /as/par HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

response_type=code
&client_id=CLIENT1234&state=duk681S8n00GsJpe7n9boxdzen
<...>

Notes:

In the 'Introductory Example', the POST body to the par endpoint contains an unnecessary '&' at the start. (It's perhaps technically valid, but could potentially confuse readers.)

Report New Errata