This is not an error and the errata should be rejected. As per the ABNF definition in https://www.rfc-editor.org/rfc/rfc5234.html#section-21 the name contains "alphabetics, digits, and hyphens (dashes)", and not underscores. I believe the commenter is expecting the ABNF rule name of code-verifier to match the parameter name of code_verifier, but they do not need to be the same. While this is confusing, the text is correct as it stands.
- Justin ________________________________ From: RFC Errata System <[email protected]> Sent: Friday, June 13, 2025 6:11 AM To: [email protected] <[email protected]> Cc: Jeffrey S Walden <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]> Subject: [OAUTH-WG] [Editorial Errata Reported] RFC7636 (8457) The following errata report has been submitted for RFC7636, "Proof Key for Code Exchange by OAuth Public Clients". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8457 -------------------------------------- Type: Editorial Reported by: Jeff Walden <[email protected]> Section: 4.1 Original Text ------------- code-verifier = 43*128unreserved Corrected Text -------------- code_verifier = 43*128unreserved Notes ----- The ABNF accidentally uses a hyphen/dash rather than an underscore in the code_verifier name in its rule. Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC7636 (draft-ietf-oauth-spop-15) -------------------------------------- Title : Proof Key for Code Exchange by OAuth Public Clients Publication Date : September 2015 Author(s) : N. Sakimura, Ed., J. Bradley, N. Agarwal Category : PROPOSED STANDARD Source : Web Authorization Protocol Stream : IETF Verifying Party : IESG _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
