Support expires_in as a number or string (#119)

cluther · web-flow · commit 653ff886ee4f · 2025-01-13T10:48:44.000+01:00
diff --git a/internal/oauth2/oauth2.go b/internal/oauth2/oauth2.go
@@ -325,7 +325,7 @@ func WaitForCallback(clientConfig ClientConfig, serverConfig ServerConfig, hc *h
 
 type TokenResponse struct {
 	AccessToken          string                   `json:"access_token,omitempty"`
-	ExpiresIn            int64                    `json:"expires_in,omitempty"`
+	ExpiresIn            FlexibleInt64            `json:"expires_in,omitempty"`
 	IDToken              string                   `json:"id_token,omitempty"`
 	IssuedTokenType      string                   `json:"issued_token_type,omitempty"`
 	RefreshToken         string                   `json:"refresh_token,omitempty"`
@@ -334,12 +334,49 @@ type TokenResponse struct {
 	AuthorizationDetails []map[string]interface{} `json:"authorization_details,omitempty"`
 }
 
+// FlexibleInt64 is a type that can be unmarshaled from a JSON number or
+// string. This was added to support the `expires_in` field in the token
+// response. Typically it is expressed as a JSON number, but at least
+// login.microsoft.com returns the number as a string.
+type FlexibleInt64 int64
+
+func (f *FlexibleInt64) UnmarshalJSON(b []byte) error {
+	if len(b) == 0 {
+		return fmt.Errorf("cannot unmarshal empty int")
+	}
+
+	// check if we have a number in a string, and parse it if so
+	if b[0] == '"' {
+		var s string
+		if err := json.Unmarshal(b, &s); err != nil {
+			return err
+		}
+
+		i, err := strconv.ParseInt(s, 10, 64)
+		if err != nil {
+			return err
+		}
+
+		*f = FlexibleInt64(i)
+		return nil
+	}
+
+	// finally we assume that we have a number that's not wrapped in a string
+	var i int64
+	if err := json.Unmarshal(b, &i); err != nil {
+		return err
+	}
+
+	*f = FlexibleInt64(i)
+	return nil
+}
+
 func NewTokenResponseFromForm(f url.Values) TokenResponse {
 	expiresIn, _ := strconv.ParseInt(f.Get("expires_in"), 10, 64)
 
 	return TokenResponse{
 		AccessToken:     f.Get("access_token"),
-		ExpiresIn:       expiresIn,
+		ExpiresIn:       FlexibleInt64(expiresIn),
 		IDToken:         f.Get("id_token"),
 		IssuedTokenType: f.Get("issued_token_type"),
 		RefreshToken:    f.Get("refresh_token"),
diff --git a/internal/oauth2/oauth2_test.go b/internal/oauth2/oauth2_test.go
@@ -0,0 +1,54 @@
+package oauth2_test
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/require"
+
+	"github.com/cloudentity/oauth2c/internal/oauth2"
+)
+
+func TestUnmarshalExpires(t *testing.T) {
+	tests := map[string]struct {
+		bytes         []byte
+		expectedValue oauth2.FlexibleInt64
+		expectedErr   error
+	}{
+		"number": {
+			bytes:         []byte(`{"expires_in": 3600}`),
+			expectedValue: 3600,
+			expectedErr:   nil,
+		},
+		"number string": {
+			bytes:         []byte(`{"expires_in": "3600"}`),
+			expectedValue: 3600,
+			expectedErr:   nil,
+		},
+		"null": {
+			bytes:         []byte(`{"expires_in": null}`),
+			expectedValue: 0,
+			expectedErr:   nil,
+		},
+		"other string": {
+			bytes:         []byte(`{"expires_in": "foo"}`),
+			expectedValue: 0,
+			expectedErr:   errors.New("invalid syntax"),
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			tokenResponse := oauth2.TokenResponse{}
+			err := json.Unmarshal(test.bytes, &tokenResponse)
+			if test.expectedErr != nil {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), test.expectedErr.Error())
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, test.expectedValue, tokenResponse.ExpiresIn)
+			}
+		})
+	}
+}
