Minor fix #173

Merged: 2 commits, Apr 26, 2024
8 changes: 4 additions & 4 deletions draft-ietf-oauth-v2-1.md
Expand Up @@ -495,7 +495,7 @@ The flow illustrated in {{fig-refresh-token-flow}} includes the following steps:
### Client Credentials

The client credentials or other forms of client authentication
(e.g. a private key used to sign a JWT, as described in {{RFC7523}})
(e.g., a private key used to sign a JWT, as described in {{RFC7523}})
can be used as an authorization grant when the authorization scope is
limited to the protected resources under the control of the client,
or to protected resources previously arranged with the authorization
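Review bot: the "e.g." to "e.g.," change in this hunk is punctuation only and carries no normative impact, so it needs no security review, but it is worth confirming that the four spots touched by this PR are the complete set; a quick `grep -n 'e\.g\. ' draft-ietf-oauth-v2-1.md` before merging would catch any remaining instances so the draft stays consistent in one editorial pass.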
Expand Down Expand Up @@ -646,7 +646,7 @@ Transport-Layer Security {{RFC8446}},
to protect the exchange of clear-text credentials and tokens
either in the content or in header fields
from eavesdropping, tampering, and message forgery
(eg. see {{client-secret}}, {{authorization_codes}}, {{token-endpoint}}, and {{bearer-tokens}}).
(e.g., see {{client-secret}}, {{authorization_codes}}, {{token-endpoint}}, and {{bearer-tokens}}).

OAuth URLs MUST use the `https` scheme
except for loopback interface redirect URIs,
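Review bot: unlike the other hunks, the original here ("eg. see ...") was a genuine typo, missing the period after "e", not merely the comma, so this hunk is the one substantive correction in the PR; since the parenthetical is the pointer readers follow to the sections that explain what TLS is protecting (client secrets, authorization codes, the token endpoint, bearer tokens), it would be good to confirm that `{{client-secret}}`, `{{authorization_codes}}`, `{{token-endpoint}}` and `{{bearer-tokens}}` all still resolve in the build output.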
Expand Down Expand Up @@ -949,7 +949,7 @@ The redirection request to the client's endpoint typically results in
an HTML document response, processed by the user agent. If the HTML
response is served directly as the result of the redirection request,
any script included in the HTML document will execute with full
access to the redirect URI and the artifacts (e.g. authorization code)
access to the redirect URI and the artifacts (e.g., authorization code)
it contains. Additionally, the request URL containing the authorization code
may be sent in the HTTP Referer header to any embedded images, stylesheets
and other elements loaded in the page.
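Review bot: minor style point on the unchanged context, since this hunk is already touching the paragraph: "any embedded images, stylesheets and other elements" would take a serial comma ("images, stylesheets, and other elements") to match the comma-after-"e.g." convention the PR is introducing; the security guidance itself (scripts and Referer leakage exposing the authorization code) is unchanged by this hunk.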
Expand Down Expand Up @@ -1991,7 +1991,7 @@ refresh token replay by malicious actors for public clients:

* *Sender-constrained refresh tokens:* the authorization server
cryptographically binds the refresh token to a certain client
instance, e.g. by utilizing DPoP {{RFC9449}} or mTLS {{RFC8705}}.
instance, e.g., by utilizing DPoP {{RFC9449}} or mTLS {{RFC8705}}.

* *Refresh token rotation:* the authorization server issues a new
refresh token with every access token refresh response. The
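Review bot: the comma after "e.g." is correct here, but the same line could be tightened from "e.g., by utilizing DPoP {{RFC9449}} or mTLS {{RFC8705}}" to "e.g., using DPoP {{RFC9449}} or mTLS {{RFC8705}}", which reads more naturally in the bullet; the two sender-constraining mechanisms referenced are unchanged, so no normative review is needed.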