RFC Errata
Found 2 records.
Status: Reported (1)
RFC 8252, "OAuth 2.0 for Native Apps", October 2017
Source of RFC: oauth (sec)
Errata ID: 8080
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Bryce Thomas
Date Reported: 2024-08-16
Section 6 and 7.1 says:
Any redirect URI that allows the app to receive the URI and inspect its parameters is viable. and When choosing a URI scheme to associate with the app, apps MUST use a URI scheme based on a domain name under their control, expressed in reverse order, as recommended by Section 3.8 of [RFC7595] for private-use URI schemes.
It should say:
Any redirect URI that allows the app to receive the URI and inspect its parameters is viable. and When choosing a URI scheme to associate with the app, apps SHOULD use a URI scheme based on a domain name under their control, expressed in reverse order, as recommended by Section 3.8 of [RFC7595] for
Notes:
These two statements appear to conflict. Suggest downgrading the section 7.1 text from MUST to SHOULD to resolve the conflict.
Status: Rejected (1)
RFC 8252, "OAuth 2.0 for Native Apps", October 2017
Source of RFC: oauth (sec)
Errata ID: 5848
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Bayard Bell
Date Reported: 2019-08-26
Rejected by: Benjamin Kaduk
Date Rejected: 2019-08-30
Section Appendix B.1 says:
Apps can initiate an authorization request in the browser, without the user leaving the app, through the "SFSafariViewController" class or its successor "SFAuthenticationSession", which implement the in- app browser tab pattern. Safari can be used to handle requests on old versions of iOS without in-app browser tab functionality.
It should say:
Apps can initiate an authorization request in the browser, without the user leaving the app, through the "ASWebAuthenticationSession" class or its successors "SFAuthenticationSession" and "SFSafariViewController", which implement the in-app browser tab pattern. The first of these allows calls to a handler registered for the AS URL, consistent with Section 7.2. The latter two classes, now deprecated, can use Safari to handle requests on old versions of iOS without in-app browser tab functionality.
Notes:
SFAuthenticationSession documentation reflects deprecated status:
https://developer.apple.com/documentation/safariservices/sfauthenticationsession
Here's the documentation for ASWebAuthenticationSession:
https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession
--VERIFIER NOTES--
This sort of change to update for events since the time of publication is not appropriate for an erratum; errata are intended solely to indicate errors in a document that were errors at the time of publication. A revision of the document or a new document with an "Updates:" relationship would be more appropriate ways to indicate that the situation has changed.