draft-ietf-oauth-spop-06.txt   draft-ietf-oauth-spop-07.txt 
OAuth Working Group N. Sakimura, Ed. OAuth Working Group N. Sakimura, Ed.
Internet-Draft Nomura Research Institute Internet-Draft Nomura Research Institute
Intended status: Standards Track J. Bradley Intended status: Standards Track J. Bradley
Expires: July 26, 2015 Ping Identity Expires: August 4, 2015 Ping Identity
N. Agarwal N. Agarwal
Google Google
January 22, 2015 January 31, 2015
Proof Key for Code Exchange by OAuth Public Clients Proof Key for Code Exchange by OAuth Public Clients
draft-ietf-oauth-spop-06 draft-ietf-oauth-spop-07
Abstract Abstract
OAuth 2.0 public clients utilizing the Authorization Code Grant are OAuth 2.0 public clients utilizing the Authorization Code Grant are
susceptible to the authorization code interception attack. This susceptible to the authorization code interception attack. This
specification describes the attack as well as a technique to mitigate specification describes the attack as well as a technique to mitigate
against the threat. against the threat.
Status of This Memo Status of This Memo
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 26, 2015. This Internet-Draft will expire on August 4, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 23 skipping to change at page 2, line 23
4. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Client creates a code verifier . . . . . . . . . . . . . 6 4.1. Client creates a code verifier . . . . . . . . . . . . . 6
4.2. Client creates the code challenge . . . . . . . . . . . . 6 4.2. Client creates the code challenge . . . . . . . . . . . . 6
4.3. Client sends the code challenge with the authorization 4.3. Client sends the code challenge with the authorization
request . . . . . . . . . . . . . . . . . . . . . . . . . 7 request . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.4. Server returns the code . . . . . . . . . . . . . . . . . 7 4.4. Server returns the code . . . . . . . . . . . . . . . . . 7
4.4.1. Error Response . . . . . . . . . . . . . . . . . . . 7 4.4.1. Error Response . . . . . . . . . . . . . . . . . . . 7
4.5. Client sends the code and the secret to the token 4.5. Client sends the code and the secret to the token
endpoint . . . . . . . . . . . . . . . . . . . . . . . . 8 endpoint . . . . . . . . . . . . . . . . . . . . . . . . 8
4.6. Server verifies code_verifier before returning the tokens 8 4.6. Server verifies code_verifier before returning the tokens 8
5. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 9 5. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 8
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
6.1. OAuth Parameters Registry . . . . . . . . . . . . . . . . 9 6.1. OAuth Parameters Registry . . . . . . . . . . . . . . . . 9
6.2. PKCE Code Challenge Method Registry . . . . . . . . . . . 9 6.2. PKCE Code Challenge Method Registry . . . . . . . . . . . 9
6.2.1. Registration Template . . . . . . . . . . . . . . . . 10 6.2.1. Registration Template . . . . . . . . . . . . . . . . 10
6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 10 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7.1. Entropy of the code verifier . . . . . . . . . . . . . . 11 7.1. Entropy of the code verifier . . . . . . . . . . . . . . 11
7.2. Protection against eavesdroppers . . . . . . . . . . . . 11 7.2. Protection against eavesdroppers . . . . . . . . . . . . 11
7.3. Checking the Server support . . . . . . . . . . . . . . . 11 7.3. Entropy of the code_verifier . . . . . . . . . . . . . . 11
7.4. Entropy of the code_verifier . . . . . . . . . . . . . . 11 7.4. OAuth security considerations . . . . . . . . . . . . . . 12
7.5. OAuth security considerations . . . . . . . . . . . . . . 12
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
9. Revision History . . . . . . . . . . . . . . . . . . . . . . 13 9. Revision History . . . . . . . . . . . . . . . . . . . . . . 13
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Normative References . . . . . . . . . . . . . . . . . . 14 10.1. Normative References . . . . . . . . . . . . . . . . . . 14
10.2. Informative References . . . . . . . . . . . . . . . . . 14 10.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Notes on implementing base64url encoding without Appendix A. Notes on implementing base64url encoding without
padding . . . . . . . . . . . . . . . . . . . . . . 15 padding . . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
OAuth 2.0 [RFC6749] public clients are susceptible to the OAuth 2.0 [RFC6749] public clients are susceptible to the
authorization "code" interception attack. authorization "code" interception attack.
The attacker thereby intercepts the authorization code returned from The attacker thereby intercepts the authorization code returned from
the authorization endpoint within communication path not protected by the authorization endpoint within communication path not protected by
TLS, such as inter-app communication within the operating system of TLS, such as inter-app communication within the operating system of
skipping to change at page 4, line 24 skipping to change at page 4, line 21
addition to responses) to the authorization endpoint. The addition to responses) to the authorization endpoint. The
attacker is, however, not able to act as a man-in-the-middle. attacker is, however, not able to act as a man-in-the-middle.
While this is a long list of pre-conditions the described attack has While this is a long list of pre-conditions the described attack has
been observed in the wild and has to be considered in OAuth 2.0 been observed in the wild and has to be considered in OAuth 2.0
deployments. While Section 4.4.1 of [RFC6819] describes mitigation deployments. While Section 4.4.1 of [RFC6819] describes mitigation
techniques they are, unfortunately, not applicable since they rely on techniques they are, unfortunately, not applicable since they rely on
a per-client instance secret or aper client instance redirect URI. a per-client instance secret or aper client instance redirect URI.
To mitigate this attack, this extension utilizes a dynamically To mitigate this attack, this extension utilizes a dynamically
created cryptographically random key called 'code verifier'. The created cryptographically random key called 'code verifier'. A
code verifier is created for every authorization request and its unique code verifier is created for every authorization request and
transformed value, called 'code challenge', is sent to the its transformed value, called 'code challenge', is sent to the
authorization server to obtain the authorization code. The authorization server to obtain the authorization code. The
authorization "code" obtained is then sent to the token endpoint with authorization "code" obtained is then sent to the token endpoint with
the 'code verifier' and the server compares it with the previously the 'code verifier' and the server compares it with the previously
received request code so that it can perform the proof of possession received request code so that it can perform the proof of possession
of the 'code verifier' by the client. This works as the mitigation of the 'code verifier' by the client. This works as the mitigation
since the attacker would not know this one-time key. since the attacker would not know this one-time key.
1.1. Protocol Flow 1.1. Protocol Flow
+--------+ +---------------+ +-------------------+
| |--(A)-- Authorization Request --->| | | Authz Server |
| | + t(code_verifier), t | Resource | +--------+ | +---------------+ |
| | | Owner | | |--(A)- Authorization Request ---->| | |
| |<-(B)--- Authorization Grant -----| | | | + t(code_verifier), t | | Authorization | |
| | +---------------+ | | | | Endpoint | |
| Client | | |<-(B)---- Authorization Code -----| | |
| | +---------------+ | | | +---------------+ |
| |--(C)--- Access Token Request --->| | | Client | | |
| | + code_verifier | Authorization | | | | +---------------+ |
| | | Server | | |--(C)-- Access Token Request ---->| | |
| |<-(D)------ Access Token ---------| | | | + code_verifier | | Token | |
+--------+ +---------------+ | | | | Endpoint | |
| |<-(D)------ Access Token ---------| | |
+--------+ | +---------------+ |
+-------------------+
Figure 2: Abstract Protocol Flow Figure 2: Abstract Protocol Flow
This specification adds additional parameters to the OAuth 2.0 This specification adds additional parameters to the OAuth 2.0
Authorization and Access Token Requests, shown in abstract form in Authorization and Access Token Requests, shown in abstract form in
Figure 1. Figure 1.
A. The client creates and records a secret named the "code_verifier", A. The client creates and records a secret named the "code_verifier",
and derives a transformed version "t(code_verifier)" (referred to and derives a transformed version "t(code_verifier)" (referred to
as the "code_challenge") which is sent in the OAuth 2.0 as the "code_challenge") which is sent in the OAuth 2.0
Authorization Request, along with the transformation method "t". Authorization Request, along with the transformation method "t".
B. The resource owner responds as usual, but records B. The Authorization Endpoint responds as usual, but records
"t(code_verifier)" and the transformation method. "t(code_verifier)" and the transformation method.
C. The client then sends the code to the Access Token Request as C. The client then sends the code in the Access Token Request as
usual, but includes the "code_verifier" secret generated at (A). usual, but includes the "code_verifier" secret generated at (A).
D. The authorization server transforms "code_verifier" and compares D. The authorization server transforms "code_verifier" and compares
it to "t(code_verifier)" from (B). Access is denied if they are it to "t(code_verifier)" from (B). Access is denied if they are
not equal. not equal.
An attacker who intercepts the Authorization Grant at (B) is unable An attacker who intercepts the Authorization Grant at (B) is unable
to redeem it for an Access Token, as they are not in possession of to redeem it for an Access Token, as they are not in possession of
the "code_verifier" secret. the "code_verifier" secret.
2. Notational Conventions 2. Notational Conventions
skipping to change at page 5, line 37 skipping to change at page 5, line 37
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in Key "OPTIONAL" in this document are to be interpreted as described in Key
words for use in RFCs to Indicate Requirement Levels [RFC2119]. If words for use in RFCs to Indicate Requirement Levels [RFC2119]. If
these words are used without being spelled in uppercase then they are these words are used without being spelled in uppercase then they are
to be interpreted with their normal natural language meanings. to be interpreted with their normal natural language meanings.
This specification uses the Augmented Backus-Naur Form (ABNF) This specification uses the Augmented Backus-Naur Form (ABNF)
notation of [RFC5234]. notation of [RFC5234].
BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per STRING denotes a sequence of zero or more ASCII [RFC0020] characters.
Section 3 producing a ASCII [RFC0020] STRING.
BASE64URL-DECODE(STRING) denotes the base64url decoding of STRING, OCTETS denotes a sequence of zero or more octets.
per Section 3, producing a UTF-8 sequence of octets.
SHA256(STRING) denotes a SHA2 256bit hash [RFC6234] of STRING. ASCII(STRING) denotes the octets of the ASCII [RFC0020]
representation of STRING where STRING is a sequence of zero or more
ASCII characters.
UTF8(STRING) denotes the octets of the UTF-8 [RFC3629] representation BASE64URL(OCTETS) denotes the base64url encoding of OCTETS, per
of STRING. Section 3 producing a STRING.
ASCII(STRING) denotes the octets of the ASCII [RFC0020] BASE64URL-DECODE(STRING) denotes the base64url decoding of STRING,
representation of STRING. per Section 3, producing a sequence of octets.
The concatenation of two values A and B is denoted as A || B. SHA256(OCTETS) denotes a SHA2 256bit hash [RFC6234] of OCTETS.
3. Terminology 3. Terminology
In addition to the terms defined in OAuth 2.0 [RFC6749], this In addition to the terms defined in OAuth 2.0 [RFC6749], this
specification defines the following terms: specification defines the following terms:
code verifier A cryptographically random string that is used to code verifier A cryptographically random string that is used to
correlate the authorization request to the token request. correlate the authorization request to the token request.
code challenge A challenge derived from the code verifier that is code challenge A challenge derived from the code verifier that is
sent in the authorization request, to be verified against later. sent in the authorization request, to be verified against later.
skipping to change at page 6, line 28 skipping to change at page 6, line 28
additional characters. (See Appendix A for notes on implementing additional characters. (See Appendix A for notes on implementing
base64url encoding without padding.) base64url encoding without padding.)
4. Protocol 4. Protocol
4.1. Client creates a code verifier 4.1. Client creates a code verifier
The client first creates a code verifier, "code_verifier", for each The client first creates a code verifier, "code_verifier", for each
OAuth 2.0 [RFC6749] Authorization Request, in the following manner: OAuth 2.0 [RFC6749] Authorization Request, in the following manner:
code_verifier = high entropy cryptographic random ASCII [RFC0020] code_verifier = high entropy cryptographic random STRING using the
octet sequence using the url and filename safe Alphabet [A-Z] / [a-z] url and filename safe Alphabet [A-Z] / [a-z] / [0-9] / "-" / "_" from
/ [0-9] / "-" / "_" from Sec 5 of RFC 4648 [RFC4648], with length Sec 5 of RFC 4648 [RFC4648], with length less than 128 characters.
less than 128 characters.
ABNF for "code_verifier" is as follows. ABNF for "code_verifier" is as follows.
code-verifier = 42*128unreserved code-verifier = 42*128unreserved
unreserved = ALPHA / DIGIT / "-" / "_" unreserved = ALPHA / DIGIT / "-" / "_"
ALPHA = %x41-5A / %x61-7A ALPHA = %x41-5A / %x61-7A
DIGIT = %x30-39 DIGIT = %x30-39
NOTE: code verifier SHOULD have enough entropy to make it impractical NOTE: code verifier SHOULD have enough entropy to make it impractical
to guess the value. It is RECOMMENDED that the output of a suitable to guess the value. It is RECOMMENDED that the output of a suitable
skipping to change at page 7, line 4 skipping to change at page 6, line 52
Octet sequence is then BASE64URL encoded to produce a 42-octet URL Octet sequence is then BASE64URL encoded to produce a 42-octet URL
safe string to use as the code verifier. safe string to use as the code verifier.
4.2. Client creates the code challenge 4.2. Client creates the code challenge
The client then creates a code challenge, "code_challenge", derived The client then creates a code challenge, "code_challenge", derived
from the "code_verifier" by using one of the following from the "code_verifier" by using one of the following
transformations on the "code_verifier": transformations on the "code_verifier":
plain "code_challenge" = "code_verifier" plain "code_challenge" = "code_verifier"
S256 "code_challenge" = BASE64URL(SHA256("code_verifier")) S256 "code_challenge" = BASE64URL(SHA256(ASCII("code_verifier")))
It is RECOMMENDED to use the S256 transformation when possible. It is RECOMMENDED to use the S256 transformation when possible.
ABNF for "code_challenge" is as follows. ABNF for "code_challenge" is as follows.
code-challenge = 42*128unreserved code-challenge = 42*128unreserved
unreserved = ALPHA / DIGIT / "-" / "_" unreserved = ALPHA / DIGIT / "-" / "_"
ALPHA = %x41-5A / %x61-7A ALPHA = %x41-5A / %x61-7A
DIGIT = %x30-39 DIGIT = %x30-39
4.3. Client sends the code challenge with the authorization request 4.3. Client sends the code challenge with the authorization request
skipping to change at page 8, line 37 skipping to change at page 8, line 33
Upon receipt of the request at the Access Token endpoint, the server Upon receipt of the request at the Access Token endpoint, the server
verifies it by calculating the code challenge from received verifies it by calculating the code challenge from received
"code_verifier" and comparing it with the previously associated "code_verifier" and comparing it with the previously associated
"code_challenge", after first transforming it according to the "code_challenge", after first transforming it according to the
"code_challenge_method" method specified by the client. "code_challenge_method" method specified by the client.
If the "code_challenge_method" from Section 4.2 was "S256", the If the "code_challenge_method" from Section 4.2 was "S256", the
received "code_verifier" is first hashed with SHA-256 then compared received "code_verifier" is first hashed with SHA-256 then compared
to the base64url decoded "code_challenge". i.e., to the base64url decoded "code_challenge". i.e.,
SHA256("code_verifier" ) == BASE64URL-DECODE("code_challenge"). SHA256(ASCII("code_verifier" )) == BASE64URL-
DECODE("code_challenge").
If the "code_challenge_method" from Section 4.2 was "plain", they are If the "code_challenge_method" from Section 4.2 was "plain", they are
compared directly. i.e., compared directly. i.e.,
"code_challenge" == "code_verifier". "code_challenge" == "code_verifier".
If the values are equal, the Access Token endpoint MUST continue If the values are equal, the Access Token endpoint MUST continue
processing as normal (as defined by OAuth 2.0 [RFC6749]). If the processing as normal (as defined by OAuth 2.0 [RFC6749]). If the
values are not equal, an error response indicating "invalid_grant" as values are not equal, an error response indicating "invalid_grant" as
described in section 5.2 of OAuth 2.0 [RFC6749] MUST be returned. described in section 5.2 of OAuth 2.0 [RFC6749] MUST be returned.
skipping to change at page 11, line 36 skipping to change at page 11, line 34
"S256" method protects against eavesdroppers observing or "S256" method protects against eavesdroppers observing or
intercepting the "code_challenge". If the "plain" method is used, intercepting the "code_challenge". If the "plain" method is used,
there is a chance that it will be observed by the attacker on the there is a chance that it will be observed by the attacker on the
device. The use of "S256" protects against it. device. The use of "S256" protects against it.
If "code_challenge" is to be returned inside authorization "code" to If "code_challenge" is to be returned inside authorization "code" to
achieve a stateless server, it has to be encrypted in such a manner achieve a stateless server, it has to be encrypted in such a manner
that only the server can decrypt and extract it. that only the server can decrypt and extract it.
7.3. Checking the Server support 7.3. Entropy of the code_verifier
Before starting the authorization process, the client SHOULD check if
the server supports this specification. Confirmation of the server
support may be obtained out-of-band or through some other mechanisms
such as the discovery document in OpenID Connect Discovery
[OpenID.Discovery]. The exact mechanism on how the client obtains
this information, or the action it takes as a result is out of scope
of this specification.
7.4. Entropy of the code_verifier
The client SHOULD create a code_verifier with a minimum of 256bits of The client SHOULD create a code_verifier with a minimum of 256bits of
entropy. This can be done by having a suitable random number entropy. This can be done by having a suitable random number
generator create a 32-octet sequence. The Octet sequence can then be generator create a 32-octet sequence. The Octet sequence can then be
Base64url encoded to produce a 42-octet URL safe string to use as a Base64url encoded to produce a 42-octet URL safe string to use as a
code_challenge that has the required entropy. code_challenge that has the required entropy.
Salting is not used in the production of the code_verifier, as the Salting is not used in the production of the code_verifier, as the
code_chalange contains sufficient entropy to prevent brute force code_chalange contains sufficient entropy to prevent brute force
attacks. Concatenating a publicly known value to a code_challenge attacks. Concatenating a publicly known value to a code_challenge
skipping to change at page 12, line 26 skipping to change at page 12, line 12
words that can be hashed offline and the hash looked up in a words that can be hashed offline and the hash looked up in a
dictionary. By concatenating a unique though public value to each dictionary. By concatenating a unique though public value to each
password prior to hashing, the dictionary space that an attacker password prior to hashing, the dictionary space that an attacker
needs to search is greatly expanded. needs to search is greatly expanded.
Modern graphics processors now allow attackers to calculate hashes in Modern graphics processors now allow attackers to calculate hashes in
real time faster than they could be looked up from a disk. This real time faster than they could be looked up from a disk. This
eliminates the value of the salt in increasing the complexity of a eliminates the value of the salt in increasing the complexity of a
brute force attack for even low entropy passwords. brute force attack for even low entropy passwords.
7.5. OAuth security considerations 7.4. OAuth security considerations
All the OAuth security analysis presented in [RFC6819] applies so All the OAuth security analysis presented in [RFC6819] applies so
readers SHOULD carefully follow it. readers SHOULD carefully follow it.
8. Acknowledgements 8. Acknowledgements
The initial draft of this specification was created by the OpenID AB/ The initial draft of this specification was created by the OpenID AB/
Connect Working Group of the OpenID Foundation, most notably by the Connect Working Group of the OpenID Foundation.
following people:
o Anthony Nadalin, Microsoft This specification is the work of the OAuth Working Group, which
o Axel Nenker, Deutsche Telekom includes dozens of active and dedicated participants. In particular,
o Breno de Medeiros, Google the following individuals contributed ideas, feedback, and wording
o Brian Campbell, Ping Identity that shaped and formed the final specification:
o Chuck Mortimore, Salesforce
o Dirk Balfanz, Google Anthony Nadalin, Microsoft
o Eduardo Gueiros, Jive Communications Axel Nenker, Deutsche Telekom
o Hannes Tschonfenig, ARM Breno de Medeiros, Google
o James Manger, Telstra Brian Campbell, Ping Identity
o John Bradley, Ping Identity Chuck Mortimore, Salesforce
o Justin Richer, MIT Kerberos Dirk Balfanz, Google
o Josh Mandel, Boston Children's Hospital Eduardo Gueiros, Jive Communications
o Lewis Adam, Motorola Solutions Hannes Tschonfenig, ARM
o Madjid Nakhjiri, Samsung James Manger, Telstra
o Michael B. Jones, Microsoft John Bradley, Ping Identity
o Nat Sakimura, Nomura Research Institute Justin Richer, MIT Kerberos
o Naveen Agarwal, Google Josh Mandel, Boston Children's Hospital
o Paul Madsen, Ping Identity Lewis Adam, Motorola Solutions
o Phil Hunt, Oracle Madjid Nakhjiri, Samsung
o Prateek Mishra, Oracle Michael B. Jones, Microsoft
o Ryo Ito, mixi Nat Sakimura, Nomura Research Institute
o Scott Tomlinson Naveen Agarwal, Google
o Sergey Beryozkin Paul Madsen, Ping Identity
o Takamichi Saito Phil Hunt, Oracle
o Torsten Lodderstedt, Deutsche Telekom Prateek Mishra, Oracle
o William Denniss, Google Ryo Ito, mixi
Scott Tomilson, Ping Identity
Sergey Beryozkin
Takamichi Saito
Torsten Lodderstedt, Deutsche Telekom
William Denniss, Google
9. Revision History 9. Revision History
-07
o removed unused discovery reference and UTF8
o re #32 added ASCII(STRING) to make clear that it is the byte array
that is being hashed
o re #2 Remove discovery requirement section.
o updated Acknowledgement
o re #32 remove unneeded UTF8(STRING) definition, and define STRING
for ASCII(STRING)
o re #32 remove unneeded utf8 reference from BASE64URL-
DECODE(STRING) def
o resolves #31 unused definition of concatenation
o re #30 Update figure text call out the endpoints
o re #30 Update figure to call out the endpoints
o small wording change to the introduction
-06 -06
o fix date o fix date
o replace spop with pkce for registry and other references o replace spop with pkce for registry and other references
o re #29 change name again o re #29 change name again
o re #27 removed US-ASCII reference o re #27 removed US-ASCII reference
o re #27 updated ABNF for code_verifier o re #27 updated ABNF for code_verifier
o resolves #24 added security consideration for salting o resolves #24 added security consideration for salting
o resolves #29 Changed title o resolves #29 Changed title
o updated reference to RFC4634 to RFC6234 re #27 o updated reference to RFC4634 to RFC6234 re #27
skipping to change at page 14, line 23 skipping to change at page 14, line 29
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC0020] Cerf, V., "ASCII format for network interchange", RFC 20, [RFC0020] Cerf, V., "ASCII format for network interchange", RFC 20,
October 1969. October 1969.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, October 2006.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC6234] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms [RFC6234] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011. (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC [RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
6749, October 2012. 6749, October 2012.
10.2. Informative References 10.2. Informative References
[OpenID.Discovery]
Sakimura, N., Bradley, J., Jones, M., and E. Jay, "OpenID
Connect Discovery 1.0", February 2014.
[RFC6819] Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0 [RFC6819] Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
Threat Model and Security Considerations", RFC 6819, Threat Model and Security Considerations", RFC 6819,
January 2013. January 2013.
Appendix A. Notes on implementing base64url encoding without padding Appendix A. Notes on implementing base64url encoding without padding
This appendix describes how to implement base64url encoding and This appendix describes how to implement base64url encoding and
decoding functions without padding based upon standard base64 decoding functions without padding based upon standard base64
encoding and decoding functions that do use padding. encoding and decoding functions that do use padding.
 End of changes. 27 change blocks. 
91 lines changed or deleted 95 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/