Apache Oltu / OLTU-1

"expires_in" field in JSON responses should be a number not a string

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: oauth2-0.22
    • Component/s: oauth2-authzserver
    • Labels: None

      Description

      The JSON generated by Amber makes "expires_in" a string. For example this:

      OAuthASResponse.tokenResponse(200)
      .setTokenType("bearer")
      .setAccessToken("sometoken")
      .setExpiresIn("3600")
      .buildJSONMessage()
      .getBody()

      Results in this JSON:

      { "expires_in":"3600", "token_type":"bearer", "access_token":"sometoken" }

      Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest it should be a number:

      { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter":"example_value" }

      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3

      Confusingly, the spec actually uses "3600" in the body text, but I assume the quotes are there to distinguish it as a literal value rather than meaning it should be a JSON string:

      expires_in
      RECOMMENDED. The lifetime in seconds of the access token. For
      example, the value "3600" denotes that the access token will
      expire in one hour from the time the response was generated.
      If omitted, the authorization server SHOULD provide the
      expiration time via other means or document the default value.

      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1
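
Added example, not part of the original report and not Oltu code: a Python check that parses a token response and distinguishes the numeric "expires_in" from the string form reported here. The names parse_token_response, TokenResponse and the strict flag are hypothetical; rejecting negative lifetimes is an assumption of this example, not a rule taken from the draft.

```python
import json
from dataclasses import dataclass
from typing import Optional

class TokenResponseError(ValueError):
    """Raised when a token response field has an unexpected type or value."""

@dataclass
class TokenResponse:
    access_token: str
    token_type: str
    expires_in: Optional[int]  # lifetime in seconds, None if the field is omitted
    legacy_string: bool        # True if expires_in arrived as a JSON string

def parse_token_response(body: str, strict: bool = False) -> TokenResponse:
    """strict=True: expires_in must be a JSON number (server conformance test).
    strict=False: also accept a digits-only string, the form this report describes.
    """
    data = json.loads(body)
    if not isinstance(data, dict):
        raise TokenResponseError("token response must be a JSON object")
    for field in ("access_token", "token_type"):
        if not isinstance(data.get(field), str) or not data[field]:
            raise TokenResponseError(f"{field} missing or not a string")
    raw = data.get("expires_in")
    legacy = False
    if raw is None:
        seconds = None                   # the field is RECOMMENDED, not required
    elif isinstance(raw, bool):          # bool is an int subclass in Python
        raise TokenResponseError("expires_in must not be a boolean")
    elif isinstance(raw, int):
        seconds = raw
    elif isinstance(raw, str) and raw.isascii() and raw.isdigit() and not strict:
        seconds, legacy = int(raw), True
    else:
        raise TokenResponseError(f"expires_in has unsupported type/value: {raw!r}")
    if seconds is not None and seconds < 0:  # assumption: negative lifetime is invalid
        raise TokenResponseError("expires_in must not be negative")
    return TokenResponse(data["access_token"], data["token_type"], seconds, legacy)

# The two bodies quoted in the report above
STRING_FORM = '{ "expires_in":"3600", "token_type":"bearer", "access_token":"sometoken" }'
NUMBER_FORM = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", '
               '"expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", '
               '"example_parameter":"example_value" }')
```

Run with strict=True against an authorization server's output to catch the string form in a test suite; a client that must still talk to servers emitting the string form can use the default and log when legacy_string is set.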

        Activity

        Transition            Time In Source Status   Execution Times   Last Executer   Last Execution Date
        Open → Resolved       15d 12h 26m             1                 Raymond Feng    29/May/12 20:29
        Reopened → Resolved   1m 8s                   1                 Antonio Sanso   26/Mar/13 11:25
        Resolved → Closed     64d 14h 19m             2                 Antonio Sanso   26/Mar/13 11:26
        Closed → Reopened     236d 1h 38m             2                 Antonio Sanso   26/Mar/13 11:28
        Reopened → Closed     18s                     1                 Antonio Sanso   26/Mar/13 11:28
        Antonio Sanso made changes -
        Status Reopened [ 4 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        Antonio Sanso made changes -
        Fix Version/s 0.22 [ 12324268 ]
        Fix Version/s 0.31 [ 12324266 ]
        Antonio Sanso made changes -
        Resolution Fixed [ 1 ]
        Status Closed [ 6 ] Reopened [ 4 ]
        Antonio Sanso made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Assignee Raymond Feng [ rfeng ]
        Antonio Sanso made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Fix Version/s 0.31 [ 12324266 ]
        Resolution Fixed [ 1 ]
        Antonio Sanso made changes -
        Component/s oauth2-authzserver [ 12320547 ]
        Antonio Sanso made changes -
        Resolution Fixed [ 1 ]
        Status Closed [ 6 ] Reopened [ 4 ]
        Simone Tripodi made changes -
        Project Amber [ 12311100 ] Apache Oltu [ 12314420 ]
        Key AMBER-53 OLTU-1
        Component/s OAuth 2.0 - Authorization Server [ 12315016 ]
        Fix Version/s 0.22 [ 12322240 ]
        Antonio Sanso made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Tommaso Teofili made changes -
        Fix Version/s 0.22 [ 12322240 ]
        Raymond Feng made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Raymond Feng added a comment -

        I don't seem to have the rights for Amber JIRA to resolve/close the issue.

        Antonio Sanso added a comment -

        @Raymond good stuff. Can this be resolved?

        Alex Osborne added a comment -

        Yeah, I started implementing it and then discovered it propagated type signature changes all over the project. Thanks for the fix.

        Raymond Feng added a comment -

        Fixed under http://svn.apache.org/viewvc?rev=1338534&view=rev

        Raymond Feng added a comment -

        It seems to be a bit involved. I have a fix now and will check in soon.

        Raymond Feng added a comment -

        Would you like to create a patch to fix the problem? It should be pretty straightforward.

        Alex Osborne created issue -

          People

          • Assignee: Raymond Feng
          • Reporter: Alex Osborne
          • Votes: 0
          • Watchers: 3
