oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/

clarify expires_in is a JSON number #172

Closed panva closed 6 months ago

panva commented 7 months ago

This small PR attempts to clarify an unfortunately not that rare mistake of server implementations where they respond with a JSON string and not the expected JSON number.

Between the client implementations I maintain I get PRs/issues at least twice a year which ask that the clients attempt to normalize the Token Endpoint response expires_in value instead of expecting it to be a number.

MozharAlhosni commented 7 months ago

Just curious, won't this necessitate adding the type for all other parameters? Because a few sentences after the proposed edit, the specification states:

Parameter names and string values are included as JSON strings. Numerical values are included as JSON numbers.

panva commented 7 months ago

Just curious, won't this necessitate adding the type for all other parameters?

It might. In the past this awkward definition in a follow-up paragraph might've been seen as necessary because the same response parameters and their descriptions were used for the implicit grant response, which does not have any data types associated given it's part of the URL fragment. With that portion of the spec gone we might as well put the JSON data type in the descriptions for all token response parameters.
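The following is an added example, not code from the oauth-v2-1 repository nor from any of the client libraries mentioned in the thread. It shows what a client that applies the typing discussed above looks like: every token endpoint response parameter is checked against the JSON type the spec text assigns to it, so a server that returns `"expires_in": "3600"` (a JSON string) is rejected rather than silently coerced. The per-parameter type table, the hypothetical `normalizeExpiresIn` opt-in (the normalization clients are asked to add), and the sample responses are all constructed for this example.

```javascript
// Added example: strict typing of a token endpoint response.
// Not part of the oauth-v2-1 spec text or any real client library.

// JSON type each core token response parameter must have (per the spec
// text: string values are JSON strings, numerical values are JSON numbers).
const TOKEN_RESPONSE_TYPES = {
  access_token: 'string',
  token_type: 'string',
  expires_in: 'number',
  refresh_token: 'string',
  scope: 'string',
};

// Parameters a successful token response must always carry.
const REQUIRED = ['access_token', 'token_type'];

// Parse and validate a raw token endpoint response body.
// normalizeExpiresIn (hypothetical opt-in flag) coerces a digit-only
// JSON string expires_in to a number; it is off by default so the
// server's mistake surfaces as an error instead of being papered over.
function parseTokenResponse(body, { normalizeExpiresIn = false } = {}) {
  let json;
  try {
    json = JSON.parse(body);
  } catch (e) {
    throw new TypeError('token response is not valid JSON');
  }
  if (json === null || typeof json !== 'object' || Array.isArray(json)) {
    throw new TypeError('token response is not a JSON object');
  }
  for (const name of REQUIRED) {
    if (!(name in json)) throw new TypeError(`missing required parameter ${name}`);
  }

  const out = {};
  for (const [name, value] of Object.entries(json)) {
    const expected = TOKEN_RESPONSE_TYPES[name];
    if (expected === undefined) {
      out[name] = value; // extension parameters pass through untouched
      continue;
    }
    if (name === 'expires_in' && normalizeExpiresIn &&
        typeof value === 'string' && /^[0-9]+$/.test(value)) {
      out[name] = Number(value); // deliberate, opt-in deviation
      continue;
    }
    // typeof null is 'object', so a JSON null fails this check as well.
    if (typeof value !== expected) {
      throw new TypeError(`${name} must be a JSON ${expected}, got ${
        value === null ? 'null' : typeof value}`);
    }
    if (name === 'expires_in' && value < 0) {
      throw new TypeError('expires_in must not be negative');
    }
    out[name] = value;
  }
  return out;
}

// Convenience wrapper that returns an outcome object instead of throwing.
function parseResult(body, opts) {
  try {
    return { ok: true, value: parseTokenResponse(body, opts) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample responses (values are placeholders, not real tokens).
const GOOD_RESPONSE = JSON.stringify({
  access_token: 'example-access-token',
  token_type: 'Bearer',
  expires_in: 3600,
  refresh_token: 'example-refresh-token',
  scope: 'read',
});

// The common server mistake the PR addresses: expires_in as a JSON string.
const STRINGY_RESPONSE = JSON.stringify({
  access_token: 'example-access-token',
  token_type: 'Bearer',
  expires_in: '3600',
});

if (typeof require !== 'undefined' && require.main === module) {
  console.log(parseResult(GOOD_RESPONSE));
  console.log(parseResult(STRINGY_RESPONSE));
  console.log(parseResult(STRINGY_RESPONSE, { normalizeExpiresIn: true }));
}

module.exports = { parseTokenResponse, parseResult, GOOD_RESPONSE, STRINGY_RESPONSE };
```

Keeping the coercion behind an explicit option means a deployment that has to talk to a non-conforming server still works, but the deviation is visible in the client configuration rather than buried in a lenient parser, which is the trade-off the thread is about.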