RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012

Note: This RFC has been updated by RFC 8252, RFC 8996

Source of RFC: oauth (sec)

Errata ID: 3880
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Eriksen Costa
Date Reported: 2014-02-04
Rejected by: Kathleen Moriarty
Date Rejected: 2015-12-08

Section 10.16 says:

For public clients using implicit flows, this specification does not
provide any method for the client to determine what client an access
token was issued to.

It should say:

For public clients using implicit flows, this specification does not
provide any method for the authorization server to determine what
client an access token was issued to.

Notes:

A client can only know about tokens issued to it and not for other clients.

From the WG:
https://www.ietf.org/mail-archive/web/oauth/current/msg12391.html
--VERIFIER NOTES--
The current text is correct, see https://www.ietf.org/mail-archive/web/oauth/current/msg12391.html

Report New Errata



Advanced Search