" client's misconfigured token endpoint" is confusing

Issue #624 resolved

Nat Sakimura created an issue 2023-09-06

client's misconfigured token endpoint.

is confusing/ambiguous and should be clarified.

‌

Comments (8)

Brian Campbell
The text in question was introduced by PR #429
- 2023-09-06T14:17:40+00:00
Daniel Fett
It should say something like:
instead of ”… at the client's misconfigured token endpoint”

say “… at the token endpoint (which is misconfigured in the client to point to an attacker-controlled URL)”.
- 2023-09-06T14:20:16+00:00
Nat Sakimura reporter
- changed status to open
Agreed in the call Sep 13.
- 2023-09-13T14:18:37+00:00
Nat Sakimura reporter
- assigned issue to
  
  Nat Sakimura
- 2023-09-13T14:18:57+00:00
Nat Sakimura reporter
- assigned issue to
  
  Edmund Jay
- 2023-10-04T00:14:01+00:00
Dave Tonge
- changed status to resolved
pr merged
- 2023-11-22T12:17:57+00:00
Dave Tonge
Merged in fapi1_errata_624 (pull request #449)

fixes ~~#624~~ - "client's misconfigured token endpoint" is confusing
- fixes ~~#624~~ - "client's misconfigured token endpoint" is confusing
- Merged openid/fapi:master into edmundjay/fapi1:fapi1_errata_624
Approved-by: Dave Tonge Approved-by: Brian Campbell Approved-by: Nat Sakimura

→ <<cset b4d82dd41860>>
- 2023-11-22T12:17:59+00:00
Dave Tonge
Merged in fapi1_errata_624 (pull request #449)

fixes ~~#624~~ - "client's misconfigured token endpoint" is confusing
- fixes ~~#624~~ - "client's misconfigured token endpoint" is confusing
- Merged openid/fapi:master into edmundjay/fapi1:fapi1_errata_624
Approved-by: Dave Tonge Approved-by: Brian Campbell Approved-by: Nat Sakimura

→ <<cset b4d82dd41860>>
- 2023-11-22T12:17:59+00:00
Log in to comment

Assignee: Edmund Jay

Type: bug

Priority: major

Status: resolved

Component: FAPI 1: Advanced

Milestone: –

Votes: 0

Watchers: 1