Posted to dev@oltu.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2012/05/29 17:14:23 UTC
[jira] [Commented] (AMBER-53) "expires_in" field in JSON responses should be a number not a string
[ https://issues.apache.org/jira/browse/AMBER-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284873#comment-13284873 ]
Antonio Sanso commented on AMBER-53:
------------------------------------
@Raymond good stuff. Can this be resolved? :)
> "expires_in" field in JSON responses should be a number not a string
> --------------------------------------------------------------------
>
> Key: AMBER-53
> URL: https://issues.apache.org/jira/browse/AMBER-53
> Project: Amber
> Issue Type: Bug
> Components: OAuth 2.0 - Authorization Server
> Reporter: Alex Osborne
>
> The JSON generated by Amber makes "expires_in" a string. For example, this:
>     OAuthASResponse.tokenResponse(200)
>         .setTokenType("bearer")
>         .setAccessToken("sometoken")
>         .setExpiresIn("3600")
>         .buildJSONMessage()
>         .getBody()
> Results in this JSON:
>     {
>       "expires_in":"3600",
>       "token_type":"bearer",
>       "access_token":"sometoken"
>     }
> Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest it should be a number:
>     {
>       "access_token":"2YotnFZFEjr1zCsicMWpAA",
>       "token_type":"example",
>       "expires_in":3600,
>       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
>       "example_parameter":"example_value"
>     }
> https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
> https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3
> Confusingly, the spec actually uses "3600" in the body text, but I assume the quotes are there to distinguish it as a literal value rather than meaning it should be a JSON string:
>     expires_in
>           RECOMMENDED. The lifetime in seconds of the access token. For
>           example, the value "3600" denotes that the access token will
>           expire in one hour from the time the response was generated.
>           If omitted, the authorization server SHOULD provide the
>           expiration time via other means or document the default value.
> https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
> https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1
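The type difference reported in this issue, as an added example that is not part of the original message and not Amber's code: a Python sketch (standard library only) with a strict check suitable for an authorization server's test suite and a tolerant read for a client that must cope with servers emitting the string form. The function names, the non-negative integer rule and the digit-string coercion are assumptions of this example.

```python
import json

# The two response bodies quoted in the issue, copied onto single lines.
AMBER_BODY = '{"expires_in":"3600","token_type":"bearer","access_token":"sometoken"}'
SPEC_BODY = ('{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example",'
             '"expires_in":3600,"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",'
             '"example_parameter":"example_value"}')

# JSON type names for the Python types json.loads can produce.
JSON_TYPES = {str: "string", bool: "boolean", float: "non-integer number",
              list: "array", dict: "object", type(None): "null"}


def _load(body):
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    return doc


def _is_lifetime(value):
    # bool is a subclass of int in Python, so JSON true/false must be excluded.
    return isinstance(value, int) and not isinstance(value, bool) and value >= 0


def expires_in_problem(body):
    """Strict check (server test suite): None if expires_in is absent or a
    non-negative JSON integer, otherwise a description of the problem."""
    doc = _load(body)
    if "expires_in" not in doc:
        return None  # the field is RECOMMENDED, not required
    value = doc["expires_in"]
    if _is_lifetime(value):
        return None
    if isinstance(value, int) and not isinstance(value, bool):
        return "expires_in is negative"
    return "expires_in is a JSON %s, expected an integer" % JSON_TYPES[type(value)]


def lifetime_seconds(body):
    """Tolerant read (client): returns (seconds, coerced). Digit-only strings
    such as "3600" are accepted and flagged; anything else raises ValueError."""
    value = _load(body).get("expires_in")
    if value is None:
        return (None, False)
    if _is_lifetime(value):
        return (value, False)
    if isinstance(value, str) and value.isascii() and value.isdigit():
        return (int(value), True)
    raise ValueError("unusable expires_in: %r" % (value,))
```

A client can log the `coerced` flag to find servers that still send the string form, while the strict check fails the build on the server side.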