RFC Errata
RFC 8252, "OAuth 2.0 for Native Apps", October 2017
Source of RFC: oauth (sec)
Errata ID: 8080
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Bryce Thomas
Date Reported: 2024-08-16
Sections 6 and 7.1 say:

Any redirect URI that allows the app to receive the URI and inspect its parameters is viable.

and

When choosing a URI scheme to associate with the app, apps MUST use a URI scheme based on a domain name under their control, expressed in reverse order, as recommended by Section 3.8 of [RFC7595] for private-use URI schemes.
It should say:

Any redirect URI that allows the app to receive the URI and inspect its parameters is viable.

and

When choosing a URI scheme to associate with the app, apps SHOULD use a URI scheme based on a domain name under their control, expressed in reverse order, as recommended by Section 3.8 of [RFC7595] for
Notes:
These two statements appear to conflict. Suggest downgrading the section 7.1 text from MUST to SHOULD to resolve the conflict.