Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oauth2 Client expects "expires_in" to be a number #281

Closed
roll57 opened this issue Apr 20, 2021 · 1 comment
Closed

Oauth2 Client expects "expires_in" to be a number #281

roll57 opened this issue Apr 20, 2021 · 1 comment
Assignees
@sjohnr
Labels
type: bug A general bug
Milestone
0.1.2

Comments

@roll57
Copy link

roll57 commented Apr 20, 2021
edited
Loading

Describe the bug
The field expires_in from the POST /oauth2/token is a string, whereas some system expect a number (example Webswing oidc module) which is using google-oauth-java-client

To Reproduce

public final class OAuth2AccessTokenResponseMapConverter ... {
	@Override
	public Map<String, String> convert(OAuth2AccessTokenResponse tokenResponse) {
		...
		parameters.put(OAuth2ParameterNames.EXPIRES_IN, String.valueOf(getExpiresIn(tokenResponse)));
		...
	}
}

Expected behavior
The field should be a number, in the rfc6749 we can see that the example is using a number instead of a string

   {
     "access_token":"2YotnFZFEjr1zCsicMWpAA",
     "token_type":"example",
     "expires_in":3600,
     "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
     "example_parameter":"example_value"
   }
@roll57 roll57 added the type: bug A general bug label Apr 20, 2021
@jgrandja
Copy link
Collaborator

Thanks for the report @roll57. I logged an issue in Spring Security as this needs to be fixed there. See spring-security#9685.

We might be able to get a temporary fix in here until it's fixed there.

@jgrandja jgrandja self-assigned this Apr 27, 2021
@jgrandja jgrandja added this to the 0.1.1 milestone Apr 27, 2021
@jgrandja jgrandja modified the milestones: 0.1.1, 0.1.2 May 7, 2021
@jgrandja jgrandja assigned sjohnr and unassigned jgrandja May 18, 2021
sjohnr added a commit to sjohnr/spring-authorization-server that referenced this issue Jun 22, 2021
@sjohnr
Temporarily fix expires_in for access token response
2482bbb 
TODO: This can be reverted when Spring Security 5.6 is released.

Closes spring-projectsgh-281
sjohnr added a commit to sjohnr/spring-authorization-server that referenced this issue Jun 22, 2021
@sjohnr
Temporarily fix expires_in for access token response
388eadf 
TODO: This can be reverted when Spring Security 5.6 is released.

Closes spring-projectsgh-281
@sjohnr sjohnr mentioned this issue Jun 23, 2021
Closed
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023
@sjohnr @jgrandja
Temporarily fix expires_in for access token response
f7d9ff2 
TODO: This can be reverted when Spring Security 5.6 is released.

Closes spring-projectsgh-281
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjohnr sjohnr

Labels
type: bug A general bug
Projects
None yet
Milestone
0.1.2
Development

Successfully merging a pull request may close this issue.

Temporarily fix expires_in for access token response sjohnr/spring-authorization-server
3 participants
@sjohnr @roll57 @jgrandja