RFC Errata
RFC 7662, "OAuth 2.0 Token Introspection", October 2015
Source of RFC: oauth (sec)
Errata ID: 7607
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Fulong Sun
Date Reported: 2023-08-17
Section 2.2 says:
a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity
It should say:
a given token has been issued by this authorization server, has not been revoked by the resource owner or client, and is within its given time window of validity
Notes:
RFC 7009 defined that a given token can be revoked by the client, so "client" should be written here.