Closed tm1000 closed 3 years ago
Confirmed, let's wait a couple of days, and otherwise we'll extend to fix
Wanted to give more details here on the issue:
The returned response Zoho gives us is as follows:
Array
(
[access_token] => <token>
[expires_in_sec] => 3600
[api_domain] => https://www.zohoapis.com
[token_type] => Bearer
[expires_in] => 3600000
)
As we can see Zoho sets expires_in to be 3600000. I guess this is milliseconds. This violates RFC 6749 section 4.2.2 (https://tools.ietf.org/html/rfc6749#section-4.2.2) and section 5.1 (https://tools.ietf.org/html/rfc6749#section-5.1) where it states that this should be:
The lifetime in seconds of the access token
Therefore the Asad library assumes expires_in is in seconds and what you get is a token that expires in a month instead of a day. Using expires_in_sec to replace expires_in is the solution
Zoho sends back its access token with a non-standard expires_in_sec. In typical Zoho form this is not valid according to any specifications. Nor does the Asad library account for this (they probably never had a cache like we do). The solution for this is to just extend \Asad\OAuth2\Client\AccessToken\ZohoAccessToken and set expires_in from the value of expires_in_sec, or wait for this PR: https://github.com/asadku34/oauth2-zoho/pull/1
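One way to apply the fix discussed in this thread before the token reaches a cache, as an added example that is not code from the issue or from the oauth2-zoho library. The function names `normalizeZohoTokenResponse` and `cacheExpiry`, the 60-second safety margin and the sample timestamp are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of oauth2-zoho): make expires_in carry
// seconds, as RFC 6749 section 5.1 expects, using Zoho's expires_in_sec.
function normalizeZohoTokenResponse(array $response): array
{
    if (isset($response['expires_in_sec'])) {
        $seconds = filter_var($response['expires_in_sec'], FILTER_VALIDATE_INT);
        if ($seconds === false || $seconds <= 0) {
            throw new UnexpectedValueException('expires_in_sec is not a positive integer');
        }
        $response['expires_in'] = $seconds;
    }
    // Without expires_in_sec, expires_in is left untouched rather than
    // guessing which unit the server used.
    return $response;
}

// Hypothetical helper: absolute expiry timestamp to store beside a cached
// token. $skew (assumed 60 s) retires the entry slightly early so a cached
// token is never used after the server has expired it.
function cacheExpiry(array $normalized, int $now, int $skew = 60): ?int
{
    if (!isset($normalized['expires_in'])) {
        return null; // no lifetime given: do not cache
    }
    return $now + max(0, (int) $normalized['expires_in'] - $skew);
}

// Constructed sample mirroring the response shown in this issue.
$raw = [
    'access_token'   => '<token>',
    'expires_in_sec' => 3600,
    'api_domain'     => 'https://www.zohoapis.com',
    'token_type'     => 'Bearer',
    'expires_in'     => 3600000,
];

$now   = 1700000000; // constructed timestamp
$fixed = normalizeZohoTokenResponse($raw);

printf("raw expires_in:   %d\n", $raw['expires_in']);
printf("fixed expires_in: %d\n", $fixed['expires_in']);
printf("cache lifetime:   %d s\n", cacheExpiry($fixed, $now) - $now);
```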