7.3 expires_in and interval should be required to be integers

Issue #145 resolved
Joseph Heenan created an issue

expires_in and interval in the authentication response are (I believe) intended to be integers, but it's not actually stated anywhere I could find.

We should probably be explicit that it's a positive integer, or alternatively we could use a more RFC6749 type definition:

A.14. "expires_in" Syntax

The "expires_in" element is defined in Sections 4.2.2 and 5.1:

expires-in = 1*DIGIT

Comments (5)

  1. Brian Campbell

    It's interesting to note that the device flow made it through numerous reviews (WGLC, AD, & IESG) from sometimes pedantic reviewers as well as several implementations with the same missing specificity on effectively the same parameters: https://tools.ietf.org/html/draft-ietf-oauth-device-flow-13#section-3.2

    Nonetheless, specificity in specifications is typically a good thing so a bit more text to indicate that they are to be positive integers should probably be added.

  2. Brian Campbell

    Pull request #56 has proposed changes that make it explicit that expires_in and interval of the Authentication Request Acknowledgement are positive integers represented as JSON numbers.
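
An added example, not part of the issue thread or of pull request #56: a client-side check that enforces the "positive integers represented as JSON numbers" reading when parsing an Authentication Request Acknowledgement. The function names, the sample bodies, treating interval as optional, and refusing integral floats such as 120.0 or 1e2 are assumptions of this example.

```python
import json


def check_positive_int(name, value):
    """Return value if it is a positive integer JSON number, else raise ValueError."""
    # bool subclasses int in Python, and 120.0 / 1e2 decode as float: both are refused.
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{name} must be a JSON integer, got {type(value).__name__}")
    if value <= 0:
        raise ValueError(f"{name} must be positive, got {value}")
    return value


def parse_ack_timing(raw):
    """Parse an acknowledgement body and return its validated timing fields."""
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise ValueError("acknowledgement must be a JSON object")
    timing = {}
    for name in ("expires_in", "interval"):
        if name not in body:
            # Assumption of this example: expires_in is mandatory, interval may be omitted.
            if name == "expires_in":
                raise ValueError("expires_in is missing")
            continue
        timing[name] = check_positive_int(name, body[name])
    return timing


def rejected(raw):
    """Return True if parse_ack_timing refuses the body."""
    try:
        parse_ack_timing(raw)
    except ValueError:
        return True
    return False


# Constructed sample bodies (not taken from the specification).
GOOD = '{"auth_req_id": "example-id", "expires_in": 120, "interval": 2}'
BAD = [
    '{"expires_in": "120", "interval": 2}',  # string instead of number
    '{"expires_in": 120.5, "interval": 2}',  # fractional number
    '{"expires_in": true, "interval": 2}',   # boolean
    '{"expires_in": 120, "interval": 0}',    # not positive
]

if __name__ == "__main__":
    print(parse_ack_timing(GOOD), [rejected(raw) for raw in BAD])
```

Without the explicit bool and type checks, a client that passes these values straight to a timer or sleep call would accept `true` as 1 second and fail on `"120"` only at the point of use.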
