RFC Errata



RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012

Note: This RFC has been updated by RFC 8252, RFC 8996

Source of RFC: oauth (sec)

Errata ID: 7716
Status: Reported
Type: Technical
Publication Format(s): TEXT

Reported By: Alex Wilson
Date Reported: 2023-11-29

Section 4.2.2 says:

   For example, the authorization server redirects the user-agent by
   sending the following HTTP response (with extra line breaks for
   display purposes only):

     HTTP/1.1 302 Found
     Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
               &state=xyz&token_type=example&expires_in=3600

It should say:

   For example, the authorization server redirects the user-agent by
   sending the following HTTP response (with extra line breaks for
   display purposes only):

     HTTP/1.1 302 Found
     Location: http://client.example.com/cb?access_token=2YotnFZFEjr1zCsicMWpAA
               &state=xyz&token_type=example&expires_in=3600

Notes:

- Host example.com should be client.example.com to be consistent with other examples.
- A hash is used for the query parameters when a question mark should have been used.

RFC Editor Note: The first point above is a duplicate of EID 4819, which is currently still in Reported state (see https://www.rfc-editor.org/errata/eid4819).
