RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Rejected (1)

RFC 8252, "OAuth 2.0 for Native Apps", October 2017

Source of RFC: oauth (sec)

Errata ID: 5848
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Bayard Bell
Date Reported: 2019-08-26
Rejected by: Benjamin Kaduk
Date Rejected: 2019-08-30

Section Appendix B.1 says:

Apps can initiate an authorization request in the browser, without
the user leaving the app, through the "SFSafariViewController" class
or its successor "SFAuthenticationSession", which implement the in-
app browser tab pattern.  Safari can be used to handle requests on
old versions of iOS without in-app browser tab functionality.

It should say:

Apps can initiate an authorization request in the browser, without
the user leaving the app, through the "ASWebAuthenticationSession"
class or its successors "SFAuthenticationSession" and
"SFSafariViewController", which implement the in-app browser tab
pattern.  The first of these allows calls to a handler registered
for the AS URL, consistent with Section 7.2. The latter two classes,
now deprecated, can use Safari to handle requests on old versions of
iOS without in-app browser tab functionality.

Notes:

SFAuthenticationSession documentation reflects deprecated status:

https://developer.apple.com/documentation/safariservices/sfauthenticationsession

Here's the documentation for ASWebAuthenticationSession:

https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession
--VERIFIER NOTES--
This sort of change to update for events since the time of publication is not appropriate for an erratum; errata are intended solely to indicate errors in a document that were errors at the time of publication. A revision of the document or a new document with an "Updates:" relationship would be more appropriate ways to indicate that the situation has changed.

Report New Errata