RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Reported (1)

RFC 8959, "The "secret-token" URI Scheme", January 2021

Source of RFC: IETF - NON WORKING GROUP

Errata ID: 6440
Status: Reported
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML

Reported By: Mark Nottingham
Date Reported: 2021-02-24

Section 2 says:

   GET /authenticated/stuff HTTP/1.1
   Host: www.example.com
   Authorization: Bearer
     secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo

It should say:

   POST /authenticated/stuff HTTP/1.1
   Host: www.example.com
   Content-Type: application/x-www-form-urlencoded

   access_token=secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo

Notes:

RFC7235 doesn't allow the ':' character in the token68 version of credentials, so the example given isn't technically allowed by either it or RFC6750 -- although it is known to be interoperable, because no known software enforces that arbitrary restriction.

This revised example shows a way to do it that is spec-conformant.

Report New Errata