oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tommaso Teofili <tommaso.teof...@gmail.com>
Subject Re: [jira] [Commented] (AMBER-53) "expires_in" field in JSON responses should be a number not a string
Date Tue, 29 May 2012 19:21:43 GMT
I've added you so you should be able to do that now :-)
Tommaso

2012/5/29 Raymond Feng (JIRA) <jira@apache.org>

>
>    [
> https://issues.apache.org/jira/browse/AMBER-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13285025#comment-13285025]
>
> Raymond Feng commented on AMBER-53:
> -----------------------------------
>
> I don't seem to have the rights for Amber JIRA to resolve/close the issue.
>
> > "expires_in" field in JSON responses should be a number not a string
> > --------------------------------------------------------------------
> >
> >                 Key: AMBER-53
> >                 URL: https://issues.apache.org/jira/browse/AMBER-53
> >             Project: Amber
> >          Issue Type: Bug
> >          Components: OAuth 2.0 - Authorization Server
> >            Reporter: Alex Osborne
> >
> > The JSON generated by Amber makes "expires_in" a string.  For example
> this:
> >     OAuthASResponse.tokenResponse(200)
> >       .setTokenType("bearer")
> >       .setAccessToken("sometoken")
> >       .setExpiresIn("3600")
> >       .buildJSONMessage()
> >       .getBody()
> > Results in this JSON:
> >     {
> >       "expires_in":"3600",
> >       "token_type":"bearer",
> >       "access_token":"sometoken"
> >     }
> > Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft
> 26) spec suggest it should be a number:
> >      {
> >        "access_token":"2YotnFZFEjr1zCsicMWpAA",
> >        "token_type":"example",
> >        "expires_in":3600,
> >        "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
> >        "example_parameter":"example_value"
> >      }
> >     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
> >     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3
> > Confusingly the spec actually uses "3600" in the body text, but I assume
> the quotes are there to distinguish it as literal value rather than meaning
> it should be a JSON string:
> >    expires_in
> >          RECOMMENDED.  The lifetime in seconds of the access token.  For
> >          example, the value "3600" denotes that the access token will
> >          expire in one hour from the time the response was generated.
> >          If omitted, the authorization server SHOULD provide the
> >          expiration time via other means or document the default value.
> >     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
> >     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA
> administrators:
> https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message