Apache Oltu / OLTU-1

"expires_in" field in JSON responses should be a number not a string

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: oauth2-0.22
    • Component/s: oauth2-authzserver
    • Labels:
      None

      Description

      The JSON generated by Amber makes "expires_in" a string. For example, this:

      OAuthASResponse.tokenResponse(200)
      .setTokenType("bearer")
      .setAccessToken("sometoken")
      .setExpiresIn("3600")
      .buildJSONMessage()
      .getBody()

      Results in this JSON:

      { "expires_in":"3600", "token_type":"bearer", "access_token":"sometoken" }

      Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest it should be a number:

      { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter":"example_value" }

      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3

      Confusingly, the spec actually uses "3600" in the body text, but I assume the quotes are there to distinguish it as a literal value rather than meaning it should be a JSON string:

      expires_in
      RECOMMENDED. The lifetime in seconds of the access token. For
      example, the value "3600" denotes that the access token will
      expire in one hour from the time the response was generated.
      If omitted, the authorization server SHOULD provide the
      expiration time via other means or document the default value.

      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1
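
An added example (not part of the original report or of the Oltu code base): a client-side check, in Python, that accepts both forms of "expires_in" quoted above and rejects values that are neither. The function names, the TokenResponseError class and the one-year max_lifetime ceiling are assumptions made for illustration.

```python
import json

class TokenResponseError(ValueError):
    """Raised when a token response cannot be used as-is (hypothetical name)."""

def parse_expires_in(raw, max_lifetime=31_536_000):
    """Return the token lifetime in seconds as an int, or None if absent.

    Accepts a JSON number (the form in the spec examples) and, for
    interoperability, a string of ASCII digits (the form in the report).
    max_lifetime (one year) is an assumed sanity ceiling, not a spec value.
    """
    if raw is None:
        return None
    # bool is a subclass of int in Python, so JSON true/false must be
    # rejected explicitly or it would be accepted as 1/0.
    if isinstance(raw, bool):
        raise TokenResponseError("expires_in must not be a boolean")
    if isinstance(raw, int):
        seconds = raw
    elif isinstance(raw, float) and raw.is_integer():
        seconds = int(raw)  # e.g. 3600.0
    elif isinstance(raw, str) and raw.isascii() and raw.isdigit():
        seconds = int(raw)  # string form: "3600"
    else:
        raise TokenResponseError(f"unparseable expires_in: {raw!r}")
    if not 0 < seconds <= max_lifetime:
        raise TokenResponseError(f"expires_in out of range: {seconds}")
    return seconds

def parse_token_response(body, now):
    """Parse a token response body; return (access_token, expiry_epoch)."""
    data = json.loads(body)
    if not isinstance(data, dict) or not isinstance(data.get("access_token"), str):
        raise TokenResponseError("missing access_token")
    lifetime = parse_expires_in(data.get("expires_in"))
    expiry = None if lifetime is None else now + lifetime
    return data["access_token"], expiry

# Constructed samples, based on the two bodies quoted in the report.
STRING_FORM = '{ "expires_in":"3600", "token_type":"bearer", "access_token":"sometoken" }'
NUMBER_FORM = '{ "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600 }'

if __name__ == "__main__":
    for body in (STRING_FORM, NUMBER_FORM):
        print(parse_token_response(body, now=1_000_000))
```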

        Activity

        Alex Osborne created issue -
        Raymond Feng made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Tommaso Teofili made changes -
        Fix Version/s 0.22 [ 12322240 ]
        Antonio Sanso made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Simone Tripodi made changes -
        Project Amber [ 12311100 ] Apache Oltu [ 12314420 ]
        Key AMBER-53 OLTU-1
        Component/s OAuth 2.0 - Authorization Server [ 12315016 ]
        Fix Version/s 0.22 [ 12322240 ]
        Antonio Sanso made changes -
        Resolution Fixed [ 1 ]
        Status Closed [ 6 ] Reopened [ 4 ]
        Antonio Sanso made changes -
        Component/s oauth2-authzserver [ 12320547 ]
        Antonio Sanso made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Fix Version/s 0.31 [ 12324266 ]
        Resolution Fixed [ 1 ]
        Antonio Sanso made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Assignee Raymond Feng [ rfeng ]
        Antonio Sanso made changes -
        Resolution Fixed [ 1 ]
        Status Closed [ 6 ] Reopened [ 4 ]
        Antonio Sanso made changes -
        Fix Version/s 0.22 [ 12324268 ]
        Fix Version/s 0.31 [ 12324266 ]
        Antonio Sanso made changes -
        Status Reopened [ 4 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee: Raymond Feng
          • Reporter: Alex Osborne
          • Votes: 0
          • Watchers: 3
