RFC Errata
RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012
Note: This RFC has been updated by RFC 8252, RFC 8996
Source of RFC: oauth (sec)
Errata ID: 3880
Status: Rejected
Type: Technical
Publication Format(s): TEXT
Reported By: Eriksen Costa
Date Reported: 2014-02-04
Rejected by: Kathleen Moriarty
Date Rejected: 2015-12-08
Section 10.16 says:
For public clients using implicit flows, this specification does not provide any method for the client to determine what client an access token was issued to.
It should say:
For public clients using implicit flows, this specification does not provide any method for the authorization server to determine what client an access token was issued to.
Notes:
A client can only know about tokens issued to it and not for other clients.
From the WG:
https://www.ietf.org/mail-archive/web/oauth/current/msg12391.html
--VERIFIER NOTES--
The current text is correct, see https://www.ietf.org/mail-archive/web/oauth/current/msg12391.html