oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Sanso (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBER-53) "expires_in" field in JSON responses should be a number not a string
Date Tue, 29 May 2012 15:14:23 GMT

    [ https://issues.apache.org/jira/browse/AMBER-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284873#comment-13284873
] 

Antonio Sanso commented on AMBER-53:
------------------------------------

@Raymond good stuff. Can this be resolved ? :)
                
> "expires_in" field in JSON responses should be a number not a string
> --------------------------------------------------------------------
>
>                 Key: AMBER-53
>                 URL: https://issues.apache.org/jira/browse/AMBER-53
>             Project: Amber
>          Issue Type: Bug
>          Components: OAuth 2.0 - Authorization Server
>            Reporter: Alex Osborne
>
> The JSON generated by Amber makes "expires_in" a string.  For example this:
>     OAuthASResponse.tokenResponse(200)
>       .setTokenType("bearer")
>       .setAccessToken("sometoken")
>       .setExpiresIn("3600")
>       .buildJSONMessage()
>       .getBody()
> Results in this JSON:
>     {
>       "expires_in":"3600",
>       "token_type":"bearer",
>       "access_token":"sometoken"
>     }
> Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest
it should be a number:
>      {
>        "access_token":"2YotnFZFEjr1zCsicMWpAA",
>        "token_type":"example",
>        "expires_in":3600,
>        "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
>        "example_parameter":"example_value"
>      }
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3
> Confusingly the spec actually uses "3600" in the body text, but I assume the quotes are
there to distinguish it as literal value rather than meaning it should be a JSON string:
>    expires_in
>          RECOMMENDED.  The lifetime in seconds of the access token.  For
>          example, the value "3600" denotes that the access token will
>          expire in one hour from the time the response was generated.
>          If omitted, the authorization server SHOULD provide the
>          expiration time via other means or document the default value.
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message