Apache Oltu / OLTU-1

"expires_in" field in JSON responses should be a number not a string

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: oauth2-0.22
    • Component/s: oauth2-authzserver
    • Labels:
      None

      Description

      The JSON generated by Amber makes "expires_in" a string. For example, this:

      OAuthASResponse.tokenResponse(200)
      .setTokenType("bearer")
      .setAccessToken("sometoken")
      .setExpiresIn("3600")
      .buildJSONMessage()
      .getBody()

      Results in this JSON:

      { "expires_in":"3600", "token_type":"bearer", "access_token":"sometoken" }

      Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest it should be a number:

      { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter":"example_value" }

      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3

      Confusingly, the spec actually uses "3600" in the body text, but I assume the quotes are there to distinguish it as a literal value rather than meaning it should be a JSON string:

      expires_in
      RECOMMENDED. The lifetime in seconds of the access token. For
      example, the value "3600" denotes that the access token will
      expire in one hour from the time the response was generated.
      If omitted, the authorization server SHOULD provide the
      expiration time via other means or document the default value.

      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
      https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1
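
An added example, not part of the original issue or of the project's code: a client-side reader for "expires_in", written in Python, that accepts the number form from the spec examples and, optionally, the quoted form reported above, and rejects anything that is not a positive whole number of seconds. The names read_expires_in, lenient, TokenResponseError and the one-year ceiling are assumptions of this example.

```python
import json

# Assumed sanity ceiling for a token lifetime (one year); not taken from the spec.
MAX_LIFETIME = 365 * 24 * 3600

# The two response bodies quoted in the issue above.
AMBER_BODY = '{ "expires_in":"3600", "token_type":"bearer", "access_token":"sometoken" }'
SPEC_BODY = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", '
             '"expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", '
             '"example_parameter":"example_value" }')


class TokenResponseError(ValueError):
    """Raised when expires_in cannot be read as a positive number of seconds."""


def read_expires_in(body, lenient=True):
    """Return (seconds or None, was_string) for a token-response JSON body.

    lenient=True also accepts the quoted form ("3600") reported in the issue;
    lenient=False accepts only a JSON number, as in the spec's examples.
    """
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise TokenResponseError("token response is not a JSON object")
    if "expires_in" not in doc:
        return None, False  # the field is RECOMMENDED, so absence is legal
    raw = doc["expires_in"]
    was_string = isinstance(raw, str)
    if was_string:
        # ASCII digits only: rejects "", "-1", "3600s", "1e3" and " 3600".
        if not lenient or not (raw.isascii() and raw.isdigit()):
            raise TokenResponseError(f"expires_in is not a JSON number: {raw!r}")
        seconds = int(raw)
    elif isinstance(raw, bool) or not isinstance(raw, (int, float)):
        # bool is a subclass of int in Python, so true/false must be excluded first.
        raise TokenResponseError(f"expires_in has the wrong JSON type: {raw!r}")
    elif isinstance(raw, float) and not raw.is_integer():
        raise TokenResponseError(f"expires_in is not a whole number: {raw!r}")
    else:
        seconds = int(raw)
    if not 0 < seconds <= MAX_LIFETIME:
        raise TokenResponseError(f"expires_in out of range: {seconds}")
    return seconds, was_string


if __name__ == "__main__":
    for name, body in (("amber", AMBER_BODY), ("spec", SPEC_BODY)):
        print(name, read_expires_in(body))
```

The was_string flag lets a client log responses that use the quoted form while still honouring the token lifetime.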

        Activity

        Raymond Feng added a comment -

        Would you like to create a patch to fix the problem? It should be pretty straightforward.

        Raymond Feng added a comment -

        It seems to be a bit involved. I have a fix now and will check in soon.

        Raymond Feng added a comment -

        Fixed under http://svn.apache.org/viewvc?rev=1338534&view=rev

        Alex Osborne added a comment -

        Yeah, I started implementing it and then discovered it propagated type signature changes all over the project. Thanks for the fix.

        Antonio Sanso added a comment -

        @Raymond good stuff. Can this be resolved?

        Raymond Feng added a comment -

        I don't seem to have the rights for Amber JIRA to resolve/close the issue.


          People

          • Assignee: Raymond Feng
          • Reporter: Alex Osborne