[Openid-specs-fapi] Issue #176: JARM: the type of expires_in in authorization response JWT (openid/fapi)

Takahiko Kawasaki issues-reply at bitbucket.org
Mon Sep 24 23:22:53 UTC 2018


New issue 176: JARM: the type of expires_in in authorization response JWT
https://bitbucket.org/openid/fapi/issues/176/jarm-the-type-of-expires_in-in

Takahiko Kawasaki:

[4.1.2. Response Type "token"](https://openid.net/specs/openid-financial-api-jarm.html#response-type-token) in JARM (Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0) shows an example of an authorization response as follows:


```json
{
   "iss":"https://accounts.example.com",
   "aud":"s6BhdRkqt3",
   "exp":1311281970,
   "access_token":"2YotnFZFEjr1zCsicMWpAA",
   "state":"S8NJ7uqk5fY4EjNvP_G_FtyJu6pUsvH9jsYni9dMAJw",
   "token_type":"bearer",
   "expires_in":"3600",
   "scope":"example"
}
```

In the example, the type of the value of expires_in is "string", but it should be "number" if we strictly follow the definition of expires_in, which is found in [A.14. "expires_in" Syntax](https://tools.ietf.org/html/rfc6749?#appendix-A.14) in RFC 6749.


```text
A.14.  "expires_in" Syntax

   The "expires_in" element is defined in Sections 4.2.2 and 5.1:

     expires-in = 1*DIGIT
```
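
An added example, not part of the original issue or of the JARM specification: a Python check a client could run on the decoded payload of the authorization response JWT to tell a number-typed `expires_in` apart from the string-typed form shown in the example above. The function names, the verdict labels and the unsigned sample token are assumptions made for illustration; a real client verifies the JWT signature before reading any claim.

```python
import base64
import json
from typing import Optional, Tuple


def make_sample_jwt(claims: dict) -> str:
    """Build a constructed, unsigned token (placeholder signature) for the demo."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.placeholder-signature"


def decode_payload(jwt: str) -> dict:
    """Decode the payload segment only; signature checks are out of scope here."""
    segment = jwt.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_expires_in(claims: dict) -> Tuple[str, Optional[int]]:
    """Classify the JSON type of expires_in and return (verdict, seconds)."""
    if "expires_in" not in claims:
        return ("absent", None)
    value = claims["expires_in"]
    # bool is a subclass of int in Python, so JSON true/false must be excluded.
    if isinstance(value, int) and not isinstance(value, bool):
        return ("ok", value) if value >= 0 else ("invalid", None)
    # The form from the issue: digits only (1*DIGIT) but carried as a JSON string.
    if isinstance(value, str) and value.isascii() and value.isdigit():
        return ("string-typed", int(value))
    return ("invalid", None)


# Claims copied from the example in the issue, then the same claims with a number.
AS_STRING = {"iss": "https://accounts.example.com", "aud": "s6BhdRkqt3",
             "exp": 1311281970, "token_type": "bearer", "expires_in": "3600"}
AS_NUMBER = dict(AS_STRING, expires_in=3600)

if __name__ == "__main__":
    for claims in (AS_STRING, AS_NUMBER):
        print(check_expires_in(decode_payload(make_sample_jwt(claims))))
```
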