chrsmithdemos / google-api-java-client

Automatically exported from code.google.com/p/google-api-java-client
0 stars 0 forks source link

java.lang.IllegalArgumentException: key expires_in #919

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
1.19.0, Java 8 OpenJDK, OSX

Ever since late last week, the ID token response from google's OAuth2 endpoint 
is returning the expires_in value as a string, rather than a number. This 
causes the JSONParser from google's own http client library to be unable to 
decode the string into the Long value found in IdTokenResponse.

Code example:
JsonObjectParser parser = factory.createJsonObjectParser();
IdTokenResponse response = parser.parseAndClose(content, 
Charset.defaultCharset(), IdTokenResponse.class);

Example ID Token Response received from Google:
{
 "access_token": "ya29.1gA.....",
 "token_type": "Bearer",
 "expires_in": "3600",
 "id_token": "eyJhbGciOiJSUzI1NiI..."
}

Exceptions thrown are as follows:
java.lang.IllegalArgumentException: key expires_in
    at com.google.api.client.json.JsonParser.parseValue(JsonParser.java:880) ~[google-http-client-1.19.0.jar:1.19.0]

....
Caused by: java.lang.IllegalArgumentException: key expires_in, field private 
java.lang.Long com.google.api.client.auth.oauth2.TokenResponse.expiresInSeconds
    at com.google.api.client.json.JsonParser.parseValue(JsonParser.java:880) ~[google-http-client-1.19.0.jar:1.19.0]

....

Caused by: java.lang.IllegalArgumentException: number field formatted as a JSON 
string must use the @JsonString annotation
    at com.google.api.client.repackaged.com.google.common.base.Preconditions.checkArgument(Preconditions.java:92) ~[google-http-client-1.19.0.jar:1.19.0]

The solution require three steps. Firstly, the IdTokenResponse object should 
add the JSONString annotation as stated above, so that it is resilient to poor 
upstream implementations. Secondly, Google's HTTP Client's implementation of 
json parsing will need to be able to handle string to long conversions. Lastly, 
the OAuth ID Token endpoint needs to actually return a number, because sending 
a string as the expires_in field is a violation of the OAuth specification.

Original issue reported on code.google.com by krotsch...@gmail.com on 8 Dec 2014 at 2:22

GoogleCodeExporter commented 9 years ago
Moved to: Issue google-http-java-client:272

Original comment by wonder...@google.com on 29 Dec 2014 at 4:18