From 676cbfb8151e4e41404e7c04014d7d536fd6d717 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Wed, 20 Jul 2022 19:38:21 -0700 Subject: [PATCH] typo --- draft-ietf-oauth-v2-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index a110326..a38d76f 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md @@ -777,7 +777,7 @@ context, CSRF refers to requests to the redirection endpoint that do not originate at the authorization server, but a malicious third party (see Section 4.4.1.8. of {{RFC6819}} for details). Clients that have ensured that the authorization server supports the `code_challenge` parameter MAY -rely the CSRF protection provided by that mechanism. In OpenID Connect flows, +rely on the CSRF protection provided by that mechanism. In OpenID Connect flows, validating the `nonce` parameter provides CSRF protection. Otherwise, one-time use CSRF tokens carried in the `state` parameter that are securely bound to the user agent MUST be used for CSRF protection (see
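Review bot: The unchanged context at the top of this hunk still has wording problems that could be fixed in the same commit. "do not originate at the authorization server, but a malicious third party" is missing a preposition before "a malicious third party" (for example "but at a malicious third party"), and "Section 4.4.1.8. of {{RFC6819}}" has a stray period after the section number. The "rely on" correction itself is right and leaves the normative MAY unchanged. The subject line "typo" would be easier to find in the log if it named the paragraph it touches, for example the CSRF text around `code_challenge`.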