draft-ietf-oauth-spop-01.txt   draft-ietf-oauth-spop-02.txt 
OAuth Working Group N. Sakimura, Ed. OAuth Working Group N. Sakimura, Ed.
Internet-Draft Nomura Research Institute Internet-Draft Nomura Research Institute
Intended status: Standards Track J. Bradley Intended status: Standards Track J. Bradley
Expires: April 29, 2015 Ping Identity Expires: April 27, 2015 Ping Identity
N. Agarwal N. Agarwal
Google Google
October 26, 2014 October 26, 2014
Symmetric Proof of Possession for the OAuth Authorization Code Grant Symmetric Proof of Possession for the OAuth Authorization Code Grant
draft-ietf-oauth-spop-01 draft-ietf-oauth-spop-02
Abstract Abstract
The OAuth 2.0 public client utilizing Authorization Code Grant (RFC The OAuth 2.0 public client utilizing Authorization Code Grant (RFC
6749 - 4.1) is susceptible to the code interception attack. This 6749 - 4.1) is susceptible to the code interception attack. This
specification describes a mechanism that acts as a control against specification describes a mechanism that acts as a control against
this threat. this threat.
Status of This Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 29, 2015. This Internet-Draft will expire on April 27, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (http://trustee.ietf.org/
(http://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Notational Conventions . . . . . . . . . . . . . . . . . . . 3 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 2
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4.1. Client creates a code verifier . . . . . . . . . . . . . 4 4.1. Client creates a code verifier . . . . . . . . . . . . . . 3
4.2. Client creates the code challenge . . . . . . . . . . . . 4 4.2. Client creates the code challenge . . . . . . . . . . . . 4
4.3. Client sends the code challenge with the authorization 4.3. Client sends the code challenge with the authorization
request . . . . . . . . . . . . . . . . . . . . . . . . . 5 request . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.4. Server returns the code . . . . . . . . . . . . . . . . . 5 4.4. Server returns the code . . . . . . . . . . . . . . . . . 4
4.5. Client sends the code and the secret to the token 4.5. Client sends the code and the secret to the token endpoint 5
endpoint . . . . . . . . . . . . . . . . . . . . . . . . 5
4.6. Server verifies code_verifier before returning the tokens 5 4.6. Server verifies code_verifier before returning the tokens 5
5. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 5
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6.1. OAuth Parameters Registry . . . . . . . . . . . . . . . . 6 6.1. OAuth Parameters Registry . . . . . . . . . . . . . . . . 6
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 6
7.1. Entropy of the code verifier . . . . . . . . . . . . . . 7 7.1. Entropy of the code verifier . . . . . . . . . . . . . . . 6
7.2. Protection against eavesdroppers . . . . . . . . . . . . 7 7.2. Protection against eavesdroppers . . . . . . . . . . . . . 6
7.3. Chekcing the Server support . . . . . . . . . . . . . . . 7 7.3. Checking the Server support . . . . . . . . . . . . . . . 7
7.4. OAuth security considerations . . . . . . . . . . . . . . 7 7.4. OAuth security considerations . . . . . . . . . . . . . . 7
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
9. Revision History . . . . . . . . . . . . . . . . . . . . . . 8 9. Revision History . . . . . . . . . . . . . . . . . . . . . . . 8
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
10.1. Normative References . . . . . . . . . . . . . . . . . . 9 10.1. Normative References . . . . . . . . . . . . . . . . . . 8
10.2. Informative References . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 8
Appendix A. Notes on implementing base64url encoding without Appendix A. Notes on implementing base64url encoding without paddin 9
padding . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
Public clients in OAuth 2.0 [RFC6749] are susceptible to the Public clients in OAuth 2.0 [RFC6749] are susceptible to the
authorization "code" interception attack. A malicious client authorization "code" interception attack. A malicious client
intercepts the authorization code returned from the authorization intercepts the authorization code returned from the authorization
endpoint and uses it to obtain the access token. This is possible on endpoint and uses it to obtain the access token. This is possible on
a public client as there is no client secret associated for it to be a public client as there is no client secret associated for it to be
sent to the token endpoint. This is especially true on Smartphone sent to the token endpoint. This is especially true on Smartphone
applications where the authorization code can be returned through applications where the authorization code can be returned through
custom URL Schemes where the same scheme can be registered by custom URL Schemes where the same scheme can be registered by
multiple applications. Under this scenario, the mitigation strategy multiple applications. Under this scenario, the mitigation strategy
stated in section 4.4.1 of [RFC6819] does not work as they rely on stated in section 4.4.1 of [RFC6819] does not work as they rely on
per-client instance secret or per client instance redirect URI. per-client instance secret or per client instance redirect URI.
To mitigate this attack, this extension utilizes a dynamically To mitigate this attack, this extension utilizes a dynamically
created cryptographically random key called 'code verifier'. The created cryptographically random key called 'code verifier'. The code
code verifier is created for every authorization request and its verifier is created for every authorization request and its
transformed value, called 'code challenge', is sent to the transformed value, called 'code challenge', is sent to the
authorization server to obtain the authorization code. The authorization server to obtain the authorization code. The
authorization "code" obtained is then sent to the token endpoint with authorization "code" obtained is then sent to the token endpoint with
the 'code verifier' and the server compares it with the previously the 'code verifier' and the server compares it with the previously
received request code so that it can perform the proof of possession received request code so that it can perform the proof of possession
of the 'code verifier' by the client. This works as the mitigation of the 'code verifier' by the client. This works as the mitigation
since the attacker would not know this one-time key. since the attacker would not know this one-time key.
2. Notational Conventions 2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
these words are used without being spelled in uppercase then they are these words are used without being spelled in uppercase then they are
to be interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
This specification uses the Augmented Backus-Naur Form (ABNF)
notation of [RFC5234].
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
Section 3producing a [USASCII] STRING. Section 3 producing a [US-ASCII] STRING.
BASE64URL-DECODE(STRING) denotes the base64url decoding of STRING, BASE64URL-DECODE(STRING) denotes the base64url decoding of STRING,
per Section 3, producing a UTF-8 sequence of octets. per Section 3, producing a UTF-8 sequence of octets.
SHA256(STRING) denotes a SHA2 256bit hash [RFC4634] of STRING. SHA256(STRING) denotes a SHA2 256bit hash [RFC4634] of STRING.
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation
of STRING. of STRING.
ASCII(STRING) denotes the octets of the ASCII [USASCII] ASCII(STRING) denotes the octets of the ASCII [US-ASCII]
representation of STRING. representation of STRING.
The concatenation of two values A and B is denoted as A || B. The concatenation of two values A and B is denoted as A || B.
3. Terminology 3. Terminology
In addition to the terms defined in OAuth 2.0 [RFC6749], this In addition to the terms defined in OAuth 2.0 [RFC6749], this
specification defines the following terms: specification defines the following terms:
code verifier A cryptographically random string that is used to code verifier A cryptographically random string that is used to
correlate the authorization request to the token request. correlate the authorization request to the token request.
code challenge A challenge derived from the code verifier that is code challenge A challenge derived from the code verifier that is
sent in the authorization request, to be verified against later. sent in the authorization request, to be verified against later.
Base64url Encoding Base64 encoding using the URL- and filename-safe Base64url Encoding Base64 encoding using the URL- and filename-safe
character set defined in Section 5 of RFC 4648 [RFC4648], with all character set defined in Section 5 of RFC 4648 [RFC4648], with all
trailing '=' characters omitted (as permitted by Section 3.2) and trailing '=' characters omitted (as permitted by Section 3.2) and
without the inclusion of any line breaks, white space, or other without the inclusion of any line breaks, whitespace, or other
additional characters. (See Appendix A for notes on implementing additional characters. (See Appendix Appendix A for notes on
base64url encoding without padding.) implementing base64url encoding without padding.)
4. Protocol 4. Protocol
4.1. Client creates a code verifier 4.1. Client creates a code verifier
The client first creates a code verifier, "code_verifier", for each The client first creates a code verifier, "code_verifier", for each
OAuth 2.0 [RFC6749] Authorization Request, in the following manner: OAuth 2.0 [RFC6749] Authorization Request, in the following manner:
code_verifier = high entropy cryptographic random [USASCII] sequence code_verifier = high entropy cryptographic random [US-ASCII] sequence
using the url and filename safe Alphabet [A-Z] / [a-z] / [0-9] / "-" using the url and filename safe Alphabet [A-Z] / [a-z] / [0-9] / "-"
/ "_" from Sec 5 of RFC 4648 [RFC4648] , with length less than 128 / "_" from Sec 5 of RFC 4648 [RFC4648], with length less than 128
characters. characters.
ABNF for "code_verifier" is as follows. ABNF for "code_verifier" is as follows.
code_verifier = 42*128unreserved code_verifier = 42*128unreserved
unreserved = [A-Z] / [a-z] / [0-9] / "-" / "_" unreserved = [A-Z] / [a-z] / [0-9] / "-" / "_"
NOTE: code verifier SHOULD have enough entropy to make it impractical NOTE: code verifier SHOULD have enough entropy to make it impractical
to guess the value. It is RECOMMENDED that the output of a suitable to guess the value. It is RECOMMENDED that the output of a suitable
random number generator be used to create a 32-octet sequence. The random number generator be used to create a 32-octet sequence. The
Octet sequence is then BASE64URL encoded to produce a 42-octet URL Octet sequence is then BASE64URL encoded to produce a 42-octet URL
safe string to use as the code verifier. safe string to use as the code verifier.
4.2. Client creates the code challenge 4.2. Client creates the code challenge
The client then creates a code challenge, "code_challenge", derived The client then creates a code challenge, "code_challenge", derived
from the "code_verifier". The code challenge can use one of two from the "code_verifier" by using one of the following
transformations on the "code_verifier". transformations on the "code_verifier":
plain "code_challenge" = "code_verifier" plain "code_challenge" = "code_verifier"
S256 "code_challenge" = BASE64URL(SHA256("code_verifier")) S256 "code_challenge" = BASE64URL(SHA256("code_verifier"))
It is RECOMMENDED to use the S256 [RFC4634] transformation when It is RECOMMENDED to use the S256 transformation when possible.
possible.
ABNF for "code_challenge" is as follows. ABNF for "code_challenge" is as follows.
code_challenge = 42*128unreserved code_challenge = 42*128unreserved
unreserved = [A-Z] / [a-z] / [0-9] / "-" / "_" unreserved = [A-Z] / [a-z] / [0-9] / "-" / "_"
4.3. Client sends the code challenge with the authorization request 4.3. Client sends the code challenge with the authorization request
The client sends the code challenge as part of the OAuth 2.0 The client sends the code challenge as part of the OAuth 2.0
[RFC6749] Authorization Request (Section 4.1.1.) using the following [RFC6749] Authorization Request (Section 4.1.1.) using the following
additional parameters: additional parameters:
code_challenge REQUIRED. Code challenge. code_challenge REQUIRED. Code challenge.
code_challenge_method OPTIONAL, defaults to "plain". Code verifier code_challenge_method OPTIONAL, defaults to "plain". Code verifier
transformation method, "S256" or "plain". transformation method, "S256" or "plain".
4.4. Server returns the code 4.4. Server returns the code
When the server issues the "code" in the Authorization Response, it When the server issues the "code" in the Authorization Response, it
MUST associate the "code_challenge" and "code_challenge_method" MUST associate the "code_challenge" and "code_challenge_method"
values with the "code" so it can be verified later. values with the "code" so it can be verified later.
Typically, the "code_challenge" and "code_challenge_method" values Typically, the "code_challenge" and "code_challenge_method" values
are stored in encrypted form in the "code" itself, but it could as are stored in encrypted form in the "code" itself, but could
well be just stored at the server, associated with the code. The alternatively be stored on the server, associated with the code. The
server MUST NOT include the "code_challenge" value in the form that server MUST NOT include the "code_challenge" value in client requests
other entities can extract. in a form that other entities can extract.
The exact method that the server uses to associate the The exact method that the server uses to associate the
"code_challenge" with the issued "code" is out of scope for this "code_challenge" with the issued "code" is out of scope for this
specification. specification.
4.5. Client sends the code and the secret to the token endpoint 4.5. Client sends the code and the secret to the token endpoint
Upon receipt of the "code", the client sends the Access Token Request Upon receipt of the "code", the client sends the Access Token Request
to the token endpoint. In addition to the parameters defined in to the token endpoint. In addition to the parameters defined in
OAuth 2.0 [RFC6749] Access Token Request (Section 4.1.3.), it sends OAuth 2.0 [RFC6749] Access Token Request (Section 4.1.3.), it sends
the following parameter: the following parameter:
code_verifier REQUIRED. Code verifier code_verifier REQUIRED. Code verifier
4.6. Server verifies code_verifier before returning the tokens 4.6. Server verifies code_verifier before returning the tokens
Upon receipt of the request at the Access Token endpoint, the server Upon receipt of the request at the Access Token endpoint, the server
verifies it by calculating the code challenge from received verifies it by calculating the code challenge from received
"code_verifier" and comparing it with the previously associated "code_verifier" and comparing it with the previously associated
"code_challenge", after first transforming it according to the "code_challenge", after first transforming it according to the
"code_challenge_method" method specified by the client. "code_challenge_method" method specified by the client.
If the "code_challenge_method" from 3.2 was "S256", the received If the "code_challenge_method" from 3.2 was "S256", the received
"code_verifier" is first hashed with SHA-256 then compared to the "code_verifier" is first hashed with SHA-256 then compared to the
base64url decoded "code_challenge". i.e., base64url decoded "code_challenge". i.e.,
SHA256("code_verifier" ) == BASE64URL-DECODE("code_challenge"). SHA256("code_verifier" ) == BASE64URL-DECODE("code_challenge").
If the "code_challenge_method" from 3.2 was "none", they are compared If the "code_challenge_method" from 3.2 was "none", they are compared
directly. i.e., directly. i.e.,
"code_challenge" == "code_verifier". "code_challenge" == "code_verifier".
If the values are equal, the Access Token endpoint MUST continue If the values are equal, the Access Token endpoint MUST continue
processing as normal (as defined by OAuth 2.0 [RFC6749]). If the processing as normal (as defined by OAuth 2.0 [RFC6749]). If the
values are not equal, an error response indicating "invalid_grant" as values are not equal, an error response indicating "invalid_grant" as
described in section 5.2 of OAuth 2.0 [RFC6749] MUST be returned. described in section 5.2 of OAuth 2.0 [RFC6749] MUST be returned.
5. Compatibility 5. Compatibility
Server implementations of this specification MAY accept OAuth2.0 Server implementations of this specification MAY accept OAuth2.0
Clients that do not implement this extension. If the "code_verifier" Clients that do not implement this extension. If the "code_verifier"
is not received from the client in the Authorization Request, servers is not received from the client in the Authorization Request, servers
supporting backwards compatibility SHOULD revert to a normal OAuth supporting backwards compatibility SHOULD revert to a normal OAuth
2.0 [RFC6749] protocol. 2.0 [RFC6749] protocol.
skipping to change at page 7, line 27 skipping to change at page 7, line 4
The security model relies on the fact that the code verifier is not The security model relies on the fact that the code verifier is not
learned or guessed by the attacker. It is vitally important to learned or guessed by the attacker. It is vitally important to
adhere to this principle. As such, the code verifier has to be adhere to this principle. As such, the code verifier has to be
created in such a manner that it is cryptographically random and has created in such a manner that it is cryptographically random and has
high entropy that it is not practical for the attacker to guess. It high entropy that it is not practical for the attacker to guess. It
is RECOMMENDED that the output of a suitable random number generator is RECOMMENDED that the output of a suitable random number generator
be used to create a 32-octet sequence. be used to create a 32-octet sequence.
7.2. Protection against eavesdroppers 7.2. Protection against eavesdroppers
Unless there is a compelling reason, implementations SHOULD use Unless there is a compelling reason, implementations SHOULD use
"S256" method to protect against eavesdroppers intercepting the "S256" method to protect against eavesdroppers intercepting the
"code_challenge". If the no transformation algorithm, which is the "code_challenge". If the no transformation algorithm, which is the
default algorithm, is used, the client SHOULD make sure that the default algorithm, is used, the client SHOULD make sure that the
authorization request is adequately protected from an eavesdropper. authorization request is adequately protected from an eavesdropper.
If "code_challenge" is to be returned inside authorization "code", it If "code_challenge" is to be returned inside authorization "code", it
has to be encrypted in such a manner that only the server can decrypt has to be encrypted in such a manner that only the server can decrypt
and extract it. and extract it.
7.3. Chekcing the Server support 7.3. Checking the Server support
Before starting the authorization process, the client SHOULD make Before starting the authorization process, the client SHOULD check if
sure that the server supports this specification. Confirmation of the server supports this specification. Confirmation of the server
the server support may be obtained out-of-band or through some other support may be obtained out-of-band or through some other mechanisms
mechanisms such as the discovery document in OpenID Connect Discovery such as the discovery document in OpenID Connect Discovery
[OpenID.Discovery]. The exact mechanism on how the client obtains [OpenID.Discovery]. The exact mechanism on how the client obtains
this information is out of scope of this specification. this information, or the action it takes as a result is out of scope
of this specification.
7.4. OAuth security considerations 7.4. OAuth security considerations
All the OAuth security analysis presented in [RFC6819] applies so All the OAuth security analysis presented in [RFC6819] applies so
readers SHOULD carefully follow it. readers SHOULD carefully follow it.
8. Acknowledgements 8. Acknowledgements
The initial draft of this specification was created by the OpenID AB/ The initial draft of this specification was created by the OpenID AB/
Connect Working Group of the OpenID Foundation, by most notably of Connect Working Group of the OpenID Foundation, most notably by the
the following people: following people:
o Naveen Agarwal, Google o Naveen Agarwal, Google
o Dirk Balfanz, Google o Dirk Balfanz, Google
o Sergey Beryozkin o Sergey Beryozkin
o John Bradley, Ping Identity o John Bradley, Ping Identity
o Brian Campbell, Ping Identity o Brian Campbell, Ping Identity
o William Denniss, Google o William Denniss, Google
o Eduardo Gueiros, Jive Communications o Eduardo Gueiros, Jive Communications
o Phil Hunt, Oracle o Phil Hunt, Oracle
o Ryo Ito, mixi o Ryo Ito, mixi
o Michael B. Jones, Microsoft o Michael B. Jones, Microsoft
o Torsten Lodderstedt, Deutsche Telekom o Torsten Lodderstedt, Deutsche Telekom
o Breno de Medeiros, Google o Breno de Medeiros, Google
o Prateek Mishra, Oracle o Prateek Mishra, Oracle
o Anthony Nadalin, Microsoft o Anthony Nadalin, Microsoft
o Axel Nenker, Deutsche Telekom o Axel Nenker, Deutsche Telekom
o Nat Sakimura, Nomura Research Institute o Nat Sakimura, Nomura Research Institute
9. Revision History 9. Revision History
skipping to change at page 9, line 27 skipping to change at page 8, line 44
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003. 10646", STD 63, RFC 3629, November 2003.
[RFC4634] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms [RFC4634] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and HMAC-SHA)", RFC 4634, July 2006. (SHA and HMAC-SHA)", RFC 4634, July 2006.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, October 2006.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC [RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
6749, October 2012. 6749, October 2012.
[USASCII] American National Standards Institute, "Coded Character [US-ASCII]
American National Standards Institute, "Coded Character
Set -- 7-bit American Standard Code for Information Set -- 7-bit American Standard Code for Information
Interchange", ANSI X3.4, 1986. Interchange", ANSI X3.4, 1986.
10.2. Informative References 10.2. Informative References
[OpenID.Discovery] [OpenID.Discovery]
Sakimura, N., Bradley, J., Jones, M., and E. Jay, "OpenID Sakimura, N., Bradley, J., Jones, M.B. and E. Jay, "OpenID
Connect Discovery 1.0", February 2014. Connect Discovery 1.0", February 2014.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC [RFC6819] Lodderstedt, T., McGloin, M. and P. Hunt, "OAuth 2.0
4949, August 2007.
[RFC6819] Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
Threat Model and Security Considerations", RFC 6819, Threat Model and Security Considerations", RFC 6819,
January 2013. January 2013.
Appendix A. Notes on implementing base64url encoding without padding Appendix A. Notes on implementing base64url encoding without padding
This appendix describes how to implement base64url encoding and This appendix describes how to implement base64url encoding and
decoding functions without padding based upon standard base64 decoding functions without padding based upon standard base64
encoding and decoding functions that do use padding. encoding and decoding functions that do use padding.
To be concrete, example C# code implementing these functions is shown To be concrete, example C# code implementing these functions is shown
skipping to change at page 11, line 7 skipping to change at page 10, line 15
An example correspondence between unencoded and encoded values An example correspondence between unencoded and encoded values
follows. The octet sequence below encodes into the string below, follows. The octet sequence below encodes into the string below,
which when decoded, reproduces the octet sequence. which when decoded, reproduces the octet sequence.
3 236 255 224 193 3 236 255 224 193
A-z_4ME A-z_4ME
Authors' Addresses Authors' Addresses
Nat Sakimura (editor) Nat Sakimura, editor
Nomura Research Institute Nomura Research Institute
1-6-5 Marunouchi, Marunouchi Kitaguchi Bldg. 1-6-5 Marunouchi, Marunouchi Kitaguchi Bldg.
Chiyoda-ku, Tokyo 100-0005 Chiyoda-ku, Tokyo 100-0005
Japan Japan
Phone: +81-3-5533-2111 Phone: +81-3-5533-2111
Email: n-sakimura@nri.co.jp Email: n-sakimura@nri.co.jp
URI: http://nat.sakimura.org/ URI: http://nat.sakimura.org/
John Bradley John Bradley
Ping Identity Ping Identity
Casilla 177, Sucursal Talagante Casilla 177, Sucursal Talagante
Talagante, RM Talagante, RM
Chile Chile
Phone: +44 20 8133 3718 Phone: +44 20 8133 3718
Email: ve7jtb@ve7jtb.com Email: ve7jtb@ve7jtb.com
URI: http://www.thread-safe.com/ URI: http://www.thread-safe.com/
Naveen Agarwal Naveen Agarwal
Google Google
1600 Amphitheatre Pkwy
Mountain View, CA 94043
USA
Phone: +1 650-253-0000
Email: naa@google.com Email: naa@google.com
URI: http://google.com/
 End of changes. 50 change blocks. 
92 lines changed or deleted 95 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/