oltu-dev mailing list archives

From "Alex Osborne (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBER-53) "expires_in" field in JSON responses should be a number not a string
Date Mon, 14 May 2012 07:03:51 GMT
Alex Osborne created AMBER-53:
---------------------------------

             Summary: "expires_in" field in JSON responses should be a number not a string
                 Key: AMBER-53
                 URL: https://issues.apache.org/jira/browse/AMBER-53
             Project: Amber
          Issue Type: Bug
          Components: OAuth 2.0 - Authorization Server
            Reporter: Alex Osborne


The JSON generated by Amber makes "expires_in" a string.  For example this:

    OAuthASResponse.tokenResponse(200)
      .setTokenType("bearer")
      .setAccessToken("sometoken")
      .setExpiresIn("3600")
      .buildJSONMessage()
      .getBody()

Results in this JSON:

    {
      "expires_in":"3600",
      "token_type":"bearer",
      "access_token":"sometoken"
    }

Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest
it should be a number:

     {
       "access_token":"2YotnFZFEjr1zCsicMWpAA",
       "token_type":"example",
       "expires_in":3600,
       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
       "example_parameter":"example_value"
     }

    https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
    https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3

Confusingly the spec actually uses "3600" in the body text, but I assume the quotes are there
to distinguish it as a literal value rather than meaning it should be a JSON string:

   expires_in
         RECOMMENDED.  The lifetime in seconds of the access token.  For
         example, the value "3600" denotes that the access token will
         expire in one hour from the time the response was generated.
         If omitted, the authorization server SHOULD provide the
         expiration time via other means or document the default value.

    https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
    https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
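
An added example, not part of the original report or of Amber's code: a client-side check in Python that reads `expires_in` from a token response, accepting the numeric form shown in the spec examples and tolerating the string form from the report, while rejecting anything else. The function name and the choice to reject booleans, floats and negative values are assumptions of this example.

```python
import json

# Sample bodies taken from the two JSON documents in the report
# (the second one abridged).
AMBER_BODY = '{"expires_in":"3600","token_type":"bearer","access_token":"sometoken"}'
SPEC_BODY = '{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example","expires_in":3600}'


def parse_expires_in(body):
    """Return (seconds, was_string) for a token response body.

    seconds is None when "expires_in" is absent (the field is RECOMMENDED,
    not required). was_string is True when the server sent a JSON string.
    """
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    if "expires_in" not in doc:
        return None, False
    raw = doc["expires_in"]
    if isinstance(raw, bool):
        # bool is a subclass of int in Python; true/false is not a lifetime.
        raise ValueError("expires_in is a boolean")
    if isinstance(raw, int):
        seconds, was_string = raw, False
    elif isinstance(raw, str) and raw.isascii() and raw.isdigit():
        # Interoperability path for the string form described in the report.
        seconds, was_string = int(raw), True
    else:
        raise ValueError("expires_in is not an integer: %r" % (raw,))
    if seconds < 0:
        raise ValueError("expires_in is negative")
    return seconds, was_string


if __name__ == "__main__":
    for name, body in (("amber", AMBER_BODY), ("spec", SPEC_BODY)):
        print(name, parse_expires_in(body))
```

Logging the `was_string` flag per authorization server makes it easy to see which deployments still emit the string form.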

        
