Hi,
In the OAuth 2.0 token json field check for 'expires_in' it is assumed that the json field type is Number, and if it isn't an exception is thrown.
From the [RFC page](https://tools.ietf.org/html/rfc6749#page-73) it is clear that this field should indeed be a number:
```
A.14. "expires_in" Syntax
The "expires_in" element is defined in Sections 4.2.2 and 5.1:
expires-in = 1*DIGIT
```
However, elsewhere in the document you also get the following statement:
```
expires_in
RECOMMENDED. The lifetime in seconds of the access token. For
example, the value "3600" denotes that the access token will
expire in one hour from the time the response was generated.
If omitted, the authorization server SHOULD provide the
expiration time via other means or document the default value.
```
I would like to suggest that if the json filed is a string - as in "3600", a cast should be attempted before failing.
Many languages like JavaScript and Java, used for REST SDK have automatic conversions of strings to integers. In C++, I see no harm in attempting a cast to number _before_ failing with a proper exception.
Thoughts?
Thanks!
Adi
In the OAuth 2.0 token json field check for 'expires_in' it is assumed that the json field type is Number, and if it isn't an exception is thrown.
From the [RFC page](https://tools.ietf.org/html/rfc6749#page-73) it is clear that this field should indeed be a number:
```
A.14. "expires_in" Syntax
The "expires_in" element is defined in Sections 4.2.2 and 5.1:
expires-in = 1*DIGIT
```
However, elsewhere in the document you also get the following statement:
```
expires_in
RECOMMENDED. The lifetime in seconds of the access token. For
example, the value "3600" denotes that the access token will
expire in one hour from the time the response was generated.
If omitted, the authorization server SHOULD provide the
expiration time via other means or document the default value.
```
I would like to suggest that if the json filed is a string - as in "3600", a cast should be attempted before failing.
Many languages like JavaScript and Java, used for REST SDK have automatic conversions of strings to integers. In C++, I see no harm in attempting a cast to number _before_ failing with a proper exception.
Thoughts?
Thanks!
Adi