[NXP-26875] Use a whole number of seconds for the OAuth 2 access token lifetime - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 9.10-HF29, 10.10-HF02, 11.1, 2021.0
Component/s: OAuth

Tags:
Sprint:
nxfit 11.1.4
Story Points:
2

Description

The RFC stipulates that the expires_in entity-body parameter of the token response is "The lifetime in seconds of the access token."

More precisely, it is defined by expires-in = 1*DIGIT, so it must be a whole number of seconds.

Yet, we are currently using a double value when serializing the "expires_in" field in JSON and this causes some clients to fail reading the token response.

This was discovered while implementing account linking with OAuth 2 for the Nuxeo Google Assistant, see INNOV-21.

Attachments

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Antoine Taillefer

Participants:

Antoine Taillefer, Jenkins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2019-02-27 19:19

Updated:

2020-12-17 16:41

Resolved:

2019-03-05 09:55

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: