RFC Errata
Found 1 record.
Status: Reported (1)
RFC 8959, "The "secret-token" URI Scheme", January 2021
Source of RFC: IETF - NON WORKING GROUPArea Assignment: art
Errata ID: 6440
Status: Reported
Type: Editorial
Publication Format(s) : TEXT, PDF, HTML
Reported By: Mark Nottingham
Date Reported: 2021-02-24
Section 2 says:
GET /authenticated/stuff HTTP/1.1 Host: www.example.com Authorization: Bearer secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo
It should say:
POST /authenticated/stuff HTTP/1.1 Host: www.example.com Content-Type: application/x-www-form-urlencoded access_token=secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo
Notes:
RFC7235 doesn't allow the ':' character in the token68 version of credentials, so the example given isn't technically allowed by either it or RFC6750 -- although it is known to be interoperable, because no known software enforces that arbitrary restriction.
This revised example shows a way to do it that is spec-conformant.