RFC Errata



RFC 7591, "OAuth 2.0 Dynamic Client Registration Protocol", July 2015

Source of RFC: oauth (sec)

Errata ID: 7969
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Ivan Mok
Date Reported: 2024-06-03

Section 2.3 says:

   For example, a software statement could contain the following claims:

     {
      "software_id": "4NRB1-0XZABZI9E6-5SM3R",
      "client_name": "Example Statement-based Client",
      "client_uri": "https://client.example.net/"
     }

   The following non-normative example JWT includes these claims and has
   been asymmetrically signed using "RS256" (with line breaks for
   display purposes only):

     eyJhbGciOiJSUzI1NiJ9.
     eyJzb2Z0d2FyZV9pZCI6IjROUkIxLTBYWkFCWkk5RTYtNVNNM1IiLCJjbGll
     bnRfbmFtZSI6IkV4YW1wbGUgU3RhdGVtZW50LWJhc2VkIENsaWVudCIsImNs
     aWVudF91cmkiOiJodHRwczovL2NsaWVudC5leGFtcGxlLm5ldC8ifQ.
     GHfL4QNIrQwL18BSRdE595T9jbzqa06R9BT8w409x9oIcKaZo_mt15riEXHa
     zdISUvDIZhtiyNrSHQ8K4TvqWxH6uJgcmoodZdPwmWRIEYbQDLqPNxREtYn0
     5X3AR7ia4FRjQ2ojZjk5fJqJdQ-JcfxyhK-P8BAWBd6I2LLA77IG32xtbhxY
     fHX7VhuU5ProJO8uvu3Ayv4XRhLZJY4yKfmyjiiKiPNe-Ia4SMy_d_QSWxsk
     U5XIQl5Sa2YRPMbDRXttm2TfnZM1xx70DoYi8g6czz-CPGRi4SW_S2RKHIJf
     IjoI3zTJ0Y2oe0_EJAiXbL6OyF9S5tKxDXV8JIndSA

It should say:

   For example, a software statement could contain the following claims:

     {
      "iss": "https://example.com",
      "software_id": "4NRB1-0XZABZI9E6-5SM3R",
      "client_name": "Example Statement-based Client",
      "client_uri": "https://client.example.net/"
     }

   The following non-normative example JWT includes these claims and has
   been asymmetrically signed using "RS256" (with line breaks for
   display purposes only):

     eyJhbGciOiJSUzI1NiJ9.<updatedPayloadWithIss>.<updatedSignature>

Notes:

Section 2.3 Software Statement says, "the software statement ... MUST contain an "iss" (issuer) claim denoting the party attesting to the claims in the software statement." It would be useful to readers if the sample software statement in the same section adheres to this condition.

If this change is reasonable, the signed JWT in section 3.1.1. Client Registration Request Using a Software Statement should also be updated.
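A structural check for the requirement the erratum cites, added here as an example (it is not part of the erratum or of RFC 7591): it decodes the published Section 2.3 sample and the proposed claim set and reports whether each carries "iss". The function names and the placeholder signature segment are assumptions of this example, and signatures are not verified because no key appears on this page.

```python
import base64
import json

# Header and payload segments copied from the RFC 7591 Section 2.3 sample quoted
# above. The signature is a constructed placeholder: this check is structural
# only and does not verify signatures.
RFC_SAMPLE = (
    "eyJhbGciOiJSUzI1NiJ9."
    "eyJzb2Z0d2FyZV9pZCI6IjROUkIxLTBYWkFCWkk5RTYtNVNNM1IiLCJjbGll"
    "bnRfbmFtZSI6IkV4YW1wbGUgU3RhdGVtZW50LWJhc2VkIENsaWVudCIsImNs"
    "aWVudF91cmkiOiJodHRwczovL2NsaWVudC5leGFtcGxlLm5ldC8ifQ."
    "cGxhY2Vob2xkZXI"
)

def b64url_decode(segment):
    # JWS strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_software_statement(jwt):
    """Return a list of problems found; an empty list means the checks passed."""
    parts = jwt.split(".")
    if len(parts) != 3 or not all(parts):
        return ["not a three-segment compact JWS"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") in (None, "none"):  # Section 2.3: signed or MACed with JWS
        problems.append("statement is not signed or MACed")
    iss = claims.get("iss")
    if not isinstance(iss, str) or not iss:  # Section 2.3: MUST contain "iss"
        problems.append('missing or empty "iss" claim')
    return problems

def with_claims(claims):
    """Build a sample token around `claims` with a placeholder signature."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256"}), seg(claims), "cGxhY2Vob2xkZXI"])

CORRECTED = with_claims({  # claim set from the erratum's proposed text
    "iss": "https://example.com",
    "software_id": "4NRB1-0XZABZI9E6-5SM3R",
    "client_name": "Example Statement-based Client",
    "client_uri": "https://client.example.net/",
})
```

`check_software_statement(RFC_SAMPLE)` reports the missing "iss" claim, while `check_software_statement(CORRECTED)` returns an empty list.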
