[Openid-specs-fapi] Issue #176: JARM: the type of expires_in in authorization response JWT (openid/fapi)
Takahiko Kawasaki
issues-reply at bitbucket.org
Mon Sep 24 23:22:53 UTC 2018
New issue 176: JARM: the type of expires_in in authorization response JWT
https://bitbucket.org/openid/fapi/issues/176/jarm-the-type-of-expires_in-in
Takahiko Kawasaki:
[4.1.2. Response Type "token"](https://openid.net/specs/openid-financial-api-jarm.html#response-type-token) in JARM (Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0) shows an example of an authorization response as follows:
```json
{
  "iss":"https://accounts.example.com",
  "aud":"s6BhdRkqt3",
  "exp":1311281970,
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "state":"S8NJ7uqk5fY4EjNvP_G_FtyJu6pUsvH9jsYni9dMAJw",
  "token_type":"bearer",
  "expires_in":"3600",
  "scope":"example"
}
```
In the example, the type of the value of expires_in is "string", but it should be "number" if we strictly follow the definition of expires_in, which is found in [A.14. "expires_in" Syntax](https://tools.ietf.org/html/rfc6749?#appendix-A.14) in RFC 6749.
```text
A.14.  "expires_in" Syntax

   The "expires_in" element is defined in Sections 4.2.2 and 5.1:

     expires-in = 1*DIGIT
```
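An added example, not part of the original issue or of the JARM specification: a client-side check that decodes the claims of an authorization response JWT and reports whether `expires_in` arrived as a JSON number or as a digit string like the one in the example quoted above. The function names, the status labels and the sample token are assumptions made for illustration; signature verification is out of scope and must happen before any claim is trusted.

```python
import base64
import json
import re

# RFC 6749 A.14: expires-in = 1*DIGIT (ASCII digits only, so not \d).
DIGITS = re.compile(r"[0-9]+")


def jwt_payload(compact_jwt):
    """Decode the claims segment of a compact JWT. No signature check (inspection only)."""
    segment = compact_jwt.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_expires_in(claims):
    """Return (status, seconds); status is 'number', 'numeric-string', 'absent' or 'invalid'."""
    if "expires_in" not in claims:
        return ("absent", None)
    value = claims["expires_in"]
    # bool is a subclass of int in Python, so JSON true/false must be excluded explicitly.
    if isinstance(value, int) and not isinstance(value, bool) and value >= 0:
        return ("number", value)
    if isinstance(value, str) and DIGITS.fullmatch(value):
        return ("numeric-string", int(value))
    return ("invalid", None)


def make_sample_jwt(claims):
    """Constructed sample: JWT-shaped string with a placeholder signature segment."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return b64({"alg": "RS256"}) + "." + b64(claims) + ".placeholder-signature"


# Claims taken from the JARM example quoted above, then the same claims with a JSON number.
AS_IN_SPEC = {"iss": "https://accounts.example.com", "aud": "s6BhdRkqt3",
              "exp": 1311281970, "token_type": "bearer", "expires_in": "3600"}
AS_NUMBER = dict(AS_IN_SPEC, expires_in=3600)

if __name__ == "__main__":
    for name, claims in (("spec example", AS_IN_SPEC), ("JSON number", AS_NUMBER)):
        print(name, classify_expires_in(jwt_payload(make_sample_jwt(claims))))
```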