Posted to dev@oltu.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2012/05/29 17:14:23 UTC

[jira] [Commented] (AMBER-53) "expires_in" field in JSON responses should be a number not a string

    [ https://issues.apache.org/jira/browse/AMBER-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284873#comment-13284873 ] 

Antonio Sanso commented on AMBER-53:
------------------------------------

@Raymond good stuff. Can this be resolved? :)
                
> "expires_in" field in JSON responses should be a number not a string
> --------------------------------------------------------------------
>
>                 Key: AMBER-53
>                 URL: https://issues.apache.org/jira/browse/AMBER-53
>             Project: Amber
>          Issue Type: Bug
>          Components: OAuth 2.0 - Authorization Server
>            Reporter: Alex Osborne
>
> The JSON generated by Amber makes "expires_in" a string.  For example this:
>     OAuthASResponse.tokenResponse(200)
>       .setTokenType("bearer")
>       .setAccessToken("sometoken")
>       .setExpiresIn("3600")
>       .buildJSONMessage()
>       .getBody()
> Results in this JSON:
>     {
>       "expires_in":"3600",
>       "token_type":"bearer",
>       "access_token":"sometoken"
>     }
> Whereas the examples in sections 4.1.4 and 4.3.3 of the OAuth 2.0 (draft 26) spec suggest it should be a number:
>      {
>        "access_token":"2YotnFZFEjr1zCsicMWpAA",
>        "token_type":"example",
>        "expires_in":3600,
>        "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
>        "example_parameter":"example_value"
>      }
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.1.4
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.3.3
> Confusingly, the spec actually uses "3600" in the body text, but I assume the quotes are there to distinguish it as a literal value rather than meaning it should be a JSON string:
>    expires_in
>          RECOMMENDED.  The lifetime in seconds of the access token.  For
>          example, the value "3600" denotes that the access token will
>          expire in one hour from the time the response was generated.
>          If omitted, the authorization server SHOULD provide the
>          expiration time via other means or document the default value.
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-4.2.2
>     https://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.1

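An added example, not part of the original message and not Amber's code: a client-side check in Python that accepts the numeric "expires_in" shown in the spec examples and rejects the string form quoted in the issue, or coerces and flags it when asked to. The names parse_expires_in, TokenResponseError and the lenient flag are assumptions of this example, and the sample bodies are constructed from the JSON quoted above.

```python
import json

class TokenResponseError(ValueError):
    """Raised when a token response cannot be used safely."""

def parse_expires_in(body, lenient=False):
    """Return (lifetime_seconds_or_None, notes) for a token response body.

    Strict (default): expires_in must be a JSON number, as in the spec examples.
    Lenient: a string of ASCII digits such as "3600" is coerced and noted.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError(f"not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise TokenResponseError("token response must be a JSON object")
    if "expires_in" not in doc:
        # The field is RECOMMENDED, not required; the caller applies its default.
        return None, ["expires_in omitted"]
    value, notes = doc["expires_in"], []
    # bool is a subclass of int in Python, so reject true/false explicitly.
    if isinstance(value, bool):
        raise TokenResponseError("expires_in is a JSON boolean")
    if isinstance(value, str):
        # isdigit() alone accepts non-ASCII digits that int() cannot parse.
        if not (lenient and value.isascii() and value.isdigit()):
            raise TokenResponseError("expires_in is a JSON string, expected a number")
        notes.append("expires_in was a string; coerced")
        value = int(value)
    elif isinstance(value, float):
        if not value.is_integer():
            raise TokenResponseError("expires_in is not a whole number of seconds")
        value = int(value)
    elif not isinstance(value, int):
        raise TokenResponseError("expires_in has an unsupported JSON type")
    if value <= 0:
        # Assumption of this example: a non-positive lifetime is unusable.
        raise TokenResponseError("expires_in must be positive")
    return value, notes

# Constructed samples mirroring the two bodies quoted in the issue.
AMBER_BODY = '{"expires_in":"3600","token_type":"bearer","access_token":"sometoken"}'
SPEC_BODY = '{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example","expires_in":3600}'
```

In strict mode the body quoted in the issue is refused; in lenient mode the returned note lets the client log that the server sent a string.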