- changed title to twitch api token response doesn't contain token_type field in it and causes ParseException
- edited description
twitch api token response doesn't contain token_type field in it and causes ParseException
I am trying to integrate the twitch.tv oauth2 to my site.
The twitch token response doesn't have token_type in it:
{"access_token":"xjvy84mrshg1jkjwlrkwy3xrqjvfpq","expires_in":15107,"refresh_token":"59rwd798gzfw3kvsaj5jgvy3r6nsapnjmrpmppag38cysbr8vp","scope":["user:read:email"]}
so when the program parses the response from twitch, it throws an exception: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_token_response] An error occurred parsing the Access Token response: Missing JSON object member with key "token_type"
I debugged the code, and I see that by default nimbusds uses BearerAccessToken by default. Can we make some enhancement so that it defaults the token_type to "bearer" if it is not present?
I haven't touch the connect2id code to fix it, but in stead I intercept the response in spring and add the token_type to it before we start parsing the response.
Comments (4)
-
reporter -
- changed status to invalid
Hi,
The
token_type
is a required parameter in OAuth 2.0:https://tools.ietf.org/html/rfc6749#section-5.1
My suggestion is to speak to the twitch.tv guys and inform them to add it.
This is analogous to this Foursquare bug:
https://github.com/spring-projects/spring-security/issues/5118
-
reporter Hi Vladimir,
Yep, I just checked the RFC and confirmed that it is a required field, I will reach out to twitch.tv support to see if they are able to do something to help.
Really appreciate for your quick response.
-
You're welcome!
The
token_type
parameter was put in there to allow other types of token, besides bearer, in future.Happy coding!
- Log in to comment