Quantcast
Channel: WE MOVED to github.com/microsoft/cpprestsdk. This site is not monitored!
Viewing all articles
Browse latest Browse all 4845

Closed Issue: OAuth2 expires_in token json field format [381]

$
0
0
Hi,

In the OAuth 2.0 token json field check for 'expires_in' it is assumed that the json field type is Number, and if it isn't an exception is thrown.

From the [RFC page](https://tools.ietf.org/html/rfc6749#page-73) it is clear that this field should indeed be a number:
```
A.14. "expires_in" Syntax

The "expires_in" element is defined in Sections 4.2.2 and 5.1:

expires-in = 1*DIGIT
```
However, elsewhere in the document you also get the following statement:
```
expires_in
RECOMMENDED. The lifetime in seconds of the access token. For
example, the value "3600" denotes that ...
```
I would like to suggest that if the json field is a string - as in "3600" - a cast should be attempted _before_ failing.

Many languages like JavaScript and Java, used with REST APIs have automatic conversions of strings to integers. In C++, I see no harm in attempting a cast to number _before_ failing with a proper exception.

Thoughts?

Thanks!
Adi



Viewing all articles
Browse latest Browse all 4845

Trending Articles