From 657c1b620170b7034d0787ef711218c69572dc51 Mon Sep 17 00:00:00 2001 From: Mozhar Alhosni Date: Sat, 13 Apr 2024 15:16:54 +0300 Subject: [PATCH 1/2] Minor fix Changed "eg." to "e.g.,". --- draft-ietf-oauth-v2-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index ef371f3..495851e 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md @@ -646,7 +646,7 @@ Transport-Layer Security {{RFC8446}}, to protect the exchange of clear-text credentials and tokens either in the content or in header fields from eavesdropping, tampering, and message forgery -(eg. see {{client-secret}}, {{authorization_codes}}, {{token-endpoint}}, and {{bearer-tokens}}). +(e.g., see {{client-secret}}, {{authorization_codes}}, {{token-endpoint}}, and {{bearer-tokens}}). OAuth URLs MUST use the `https` scheme except for loopback interface redirect URIs, From 5289949541404795e56cea41f688d43c272b2ab4 Mon Sep 17 00:00:00 2001 From: Mozhar Alhosni Date: Sat, 13 Apr 2024 19:34:19 +0300 Subject: [PATCH 2/2] Minor Fix 2 Changed "e.g. " to "e.g., " --- draft-ietf-oauth-v2-1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index 495851e..fbd2450 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md @@ -495,7 +495,7 @@ The flow illustrated in {{fig-refresh-token-flow}} includes the following steps: ### Client Credentials The client credentials or other forms of client authentication -(e.g. a private key used to sign a JWT, as described in {{RFC7523}}) +(e.g., a private key used to sign a JWT, as described in {{RFC7523}}) can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client, or to protected resources previously arranged with the authorization 
@@ -949,7 +949,7 @@ The redirection request to the client's endpoint typically results in an HTML document response, processed by the user agent. If the HTML response is served directly as the result of the redirection request, any script included in the HTML document will execute with full -access to the redirect URI and the artifacts (e.g. authorization code) +access to the redirect URI and the artifacts (e.g., authorization code) it contains. Additionally, the request URL containing the authorization code may be sent in the HTTP Referer header to any embedded images, stylesheets and other elements loaded in the page. @@ -1991,7 +1991,7 @@ refresh token replay by malicious actors for public clients: * *Sender-constrained refresh tokens:* the authorization server cryptographically binds the refresh token to a certain client - instance, e.g. by utilizing DPoP {{RFC9449}} or mTLS {{RFC8705}}. + instance, e.g., by utilizing DPoP {{RFC9449}} or mTLS {{RFC8705}}. * *Refresh token rotation:* the authorization server issues a new refresh token with every access token refresh response. The
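Review bot: In the PATCH 1/2 hunk at line 646, the corrected text "(e.g., see {{client-secret}}, ...)" still doubles the lead-in to the cross-references, because "e.g.," is followed directly by "see". Consider "(see, e.g., {{client-secret}}, {{authorization_codes}}, {{token-endpoint}}, and {{bearer-tokens}})" or dropping "see". Only the parenthetical changes. The requirement it illustrates and the "OAuth URLs MUST use the `https` scheme" sentence after it are untouched, so no normative text is affected.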
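Review bot: The three hunks of PATCH 2/2 (lines 495, 949 and 1991) make the same "e.g." to "e.g.," substitution that PATCH 1/2 makes in the same file, under the subjects "Minor fix" and "Minor Fix 2", which say nothing about the change. Squash the two commits into one with a subject that names the change, such as "Use 'e.g.,' consistently". Since the second commit picks up occurrences the first one left, search the rest of draft-ietf-oauth-v2-1.md for any remaining "eg." or "e.g." without the trailing comma before this lands, so the style is uniform across the draft.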