RFC Errata
RFC 9200, "Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)", August 2022
Source of RFC: ace (sec)
Errata ID: 8233
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Marco Tiloca
Date Reported: 2025-01-03
Section F.1 says:
The AS responds with a 2.05 (Content) response containing the
Access Information, including the access token. The PoP access
...
| |
B: |<--------+ Header: 2.05 Content
| 2.05 | Content-Format: application/ace+cbor
| | Payload: <Response-Payload>
| |
...
It should say:
The AS responds with a 2.01 (Created) response containing the
Access Information, including the access token. The PoP access
...
| |
B: |<--------+ Header: 2.01 Created
| 2.01 | Content-Format: application/ace+cbor
| | Payload: <Response-Payload>
| |
...
Notes:
The quoted text and the example in Figure 11 consider a response with CoAP response code 2.05 (Content). However, as defined in Section 5.8.2, a successful response from the /token endpoint has CoAP response code 2.01 (Created).
Moreover, 2.05 (Content) is not a valid CoAP response code for a response to a POST request, see Section 10.1.4 of RFC 7252.