RFC Errata


Errata Search
 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Reported (1)

RFC 8414, "OAuth 2.0 Authorization Server Metadata", June 2018

Source of RFC: oauth (sec)

Errata ID: 7793
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Kristina Yasuda
Date Reported: 2024-01-31

Section 2 says: 

response_types_supported
      REQUIRED.  JSON array containing a list of the OAuth 2.0
      "response_type" values that this authorization server supports.
      The array values used are the same as those used with the
      "response_types" parameter defined by "OAuth 2.0 Dynamic Client
      Registration Protocol" [RFC7591].

It should say:

response_types_supported
      JSON array containing a list of the OAuth 2.0
      "response_type" values that this authorization server supports.
      This is REQUIRED unless no grant types are supported
      that use the authorization endpoint. The array values used are
      the same as those used with the "response_types" parameter defined by
      "OAuth 2.0 Dynamic Client Registration Protocol" [RFC7591].

Notes:

For the authorization servers that only support grant types that do not use authorization endpoint (like client credentials grant), there is no value to put in the required `response_types_supported` parameter. At the same time, section 3.2 says that "Claims with zero elements MUST be omitted from the response." `authorization_endpoint`parameter is already required for the ASs that support grant types that use the authorization endpoint, so it should be the same for the `response_types_supported` parameter.

Status: Rejected (1)

RFC 8414, "OAuth 2.0 Authorization Server Metadata", June 2018

Source of RFC: oauth (sec)

Errata ID: 8696
Status: Rejected
Type: Editorial
Publication Format(s) : TEXT
Reported By: Philip Wedemann
Date Reported: 2026-01-07
Rejected by: RFC Editor
Date Rejected: 2026-12-01

Section 8.2 says: 

[MIX-UP]   Jones, M., Bradley, J., and N. Sakimura, "OAuth 2.0 Mix-Up
              Mitigation", Work in Progress, draft-ietf-oauth-mix-up-
              mitigation-01, July 2016.

It should say:

[RFC9207]  Meyer zu Selhausen, K. and D. Fett, "OAuth 2.0 Authorization Server 
Issuer Identification", RFC 9207, DOI 10.17487/RFC9207, March 2022, <https://
www.rfc-editor.org/info/rfc9207>.

Notes:

[MIX-UP] is not a draft anymore, but was accepted in RFC 9207
--VERIFIER NOTES--
Reference was correct at the time of publication.

Report New Errata



Advanced Search