Errata: June 11, 2018

Thank you for purchasing OAuth 2 In Action. Please post any errors, other than those listed below, in the book's Author Online Forum. We'll compile a comprehensive list and publish it here for everyone's convenience. Thank you!


Acknowledgements on page xviii

Dave Smiley is accidentally listed as Dave Shepherd. Sorry, Dave.

3.2.2 on page 50

Current text is:


res.render('index', {access_token: body.access_token});
			

Should instead read:


res.render('index', {access_token: body.access_token, scope: scope});
			

4.3.1 on page 67

Three instances of this line:


res.status(403);
			

Should instead read:


res.status(403).end();
			

5.2.2 on page 81

Current text is:

...whether the user clicked the Approve button or the.

Should instead read:

...whether the user clicked the Approve button or the Deny button.

6.1.1 on page 96

Current text is:


nosql.insert({ access_token: access_token, client_id: clientId, scope: rscope });
			

Should instead read:


nosql.insert({ access_token: access_token, client_id: client.client_id, scope: rscope });
			

7.3 on page 126

Current text is:

ch-7-ex-0

Should instead read:

ch-7-ex-1

7.3 on page 126

Context is missing from the final code snippet that starts with:


if (!client.client_id) {
	...
}
			

This code needs to go into the index.html file of the native application and needs to be wrapped with a loading function:


var protectedResource = 'http://localhost:9002/resource';
      
window.onload = function() {

  if (!client.client_id) {
	  ...
  }
}

7.4.1 on page 129

Current text:

redirect_uri=https://yourouauthclient.com/

Should instead read:

redirect_uri=https://yourouauthclient.com/oauth/oauthprovider/callback

8.2.2 on page 148

Current text is:

"...only if they are from served from the same..."

Should instead read:

"...only if they are served from the same..."

9.2 on page 157

Current text is:

if (code.authorizationEndpointRequest.client_id == clientId) {

Should instead read:

if (code.request.client_id == clientId) {

9.4 on page 162

Current text is:

Nevertheless, the attacker hijacked the authorization code though a maliciously crafted URI.

Should instead read:

Nevertheless, the attacker hijacked the authorization code through a maliciously crafted URI.

10.2 on page 170

Current text is:

A token might contain sensitive information about the system and the attacker is then something that they couldn't know otherwise.

Should instead read:

A token might contain sensitive information about the system and the attacker is then exposed to something that they couldn't know otherwise.

10.4.1 on page 178

Highlighting of the code snippet implies that only one line is required to be added, where in reality the entire code snippet needs to be added. The first line of the snippet provides the context of the code to be inserted.

13.5.3 on page 250

Current text is:

/.well-know/webfinger

Should instead read:

/.well-known/webfinger