Implicit grant does not include the expires_in in the redirect to the user-agent



wolter
Oct 27th, 2011, 02:07 AM
When using implicit grant, the authorization server redirects to the user-agent without the expires_in header.
From the required parameters only the access_token is returned.
The expires_in parameter is optional; does this mean the access_token will not expire?

expires_in
OPTIONAL. The lifetime in seconds of the access token. For
example, the value "3600" denotes that the access token will
expire in one hour from the time the response was generated.

Regards,
Wolter

Dave Syer
Oct 27th, 2011, 05:45 AM
If there is no expires_in I would expect that the token will not expire. However it is much more likely simply to be a bug at this stage. Please feel free to raise a JIRA ticket and/or a pull request for a fix.

wolter
Oct 27th, 2011, 10:50 AM
Hi Dave,

I've both raised a ticket and created a pull request for a fix.
https://jira.springsource.org/browse/SECOAUTH-147
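
As an added example (not part of the thread and not Spring Security OAuth code), here is one way a user-agent client can parse the implicit-grant redirect fragment and still bound the token lifetime when expires_in is absent, instead of guessing whether the token expires. The function name, the sample redirect URLs and the 300-second default are assumptions made for illustration.

```javascript
// Added example: parse the implicit-grant redirect fragment and derive a
// client-side expiry even when the optional expires_in parameter is absent.
// ASSUMED_DEFAULT_LIFETIME_S is a hypothetical client policy value, not
// something defined by the spec or by Spring Security OAuth.
const ASSUMED_DEFAULT_LIFETIME_S = 300;

function parseImplicitGrantRedirect(redirectUrl, receivedAtMs) {
  const hashIndex = redirectUrl.indexOf('#');
  if (hashIndex === -1) {
    throw new Error('redirect has no fragment');
  }
  // The fragment is application/x-www-form-urlencoded, like a query string.
  const params = new URLSearchParams(redirectUrl.slice(hashIndex + 1));

  if (params.has('error')) {
    throw new Error('authorization error: ' + params.get('error'));
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('access_token missing from fragment');
  }

  const raw = params.get('expires_in');
  let lifetimeS;
  let lifetimeSource;
  if (raw === null) {
    // Absent: do not infer "never expires"; apply the client default.
    lifetimeS = ASSUMED_DEFAULT_LIFETIME_S;
    lifetimeSource = 'client-default';
  } else if (/^[0-9]+$/.test(raw) && Number(raw) > 0) {
    lifetimeS = Number(raw);
    lifetimeSource = 'server';
  } else {
    throw new Error('expires_in is not a positive integer: ' + raw);
  }

  return {
    accessToken,
    tokenType: params.get('token_type'),
    lifetimeSource,
    expiresAtMs: receivedAtMs + lifetimeS * 1000,
  };
}

// Constructed sample redirects (client.example is a placeholder host).
const withExpiry = 'https://client.example/cb#access_token=abc123&token_type=bearer&expires_in=3600';
const withoutExpiry = 'https://client.example/cb#access_token=abc123&token_type=bearer';
console.log(parseImplicitGrantRedirect(withExpiry, 0));
console.log(parseImplicitGrantRedirect(withoutExpiry, 0));
```

The `lifetimeSource` field lets the caller log or alert when the server omitted expires_in, which is the condition reported in this thread.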