RFC 6749, "The OAuth 2.0 Authorization Framework", October 2012Source of RFC: oauth (sec)
Errata ID: 5379
Reported By: James Manger
Date Reported: 2018-06-06
Section 5.1, 4.2.2 says:
expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes ...
It should say:
expires_in RECOMMENDED. The lifetime in seconds of the access token. For example, the value 3600 denotes ...
The "expires_in" member in JSON must be a numeric value, not a string. Unfortunately quite a few implementations have got this wrong. A likely reason is the quoted value "3600" in the RFC where "expires_in" is defined. The quotes in the text version of the RFC are only an artefact of the marked-up as a protocol value in the RFC production chain.