Null value in expires_in field not handled correctly #672

Closed
@shssoichiro

Description

Describe the bug

Some OAuth-based services have been discovered to include the expires_in field, but set it to null. This issue was discovered on our end attempting to authenticate to SurveyMonkey's API. The oauthlib library does not handle this case correctly, and will throw an error if it encounters this.

How to reproduce

  1. Create an account with SurveyMonkey
  2. Create a sample app to test against
  3. Attempt to authenticate using OAuth flow against the sample app
  4. Receive the following error: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

Expected behavior

Ignore the null expires_in field, and continue without throwing an error.

Additional context

The following is an example of a returned payload (access_token hidden for security purposes):

{"access_token":".g.w2***kjP","token_type":"bearer","access_url":"https:\/\/api.surveymonkey.com","expires_in":null}

The following is the stacktrace we receive:

Traceback (most recent call last):
  File "/code/ac_auth/views.py", line 59, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 495, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 455, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.7/site-packages/rest_framework/views.py", line 492, in dispatch
    response = handler(request, *args, **kwargs)
  File "/code/ac_auth/views.py", line 158, in get
    request.get_raw_uri(),
  File "/code/ac_auth/oauth_service.py", line 46, in fetch_access_token
    timeout=CONNECTION_TIMEOUT,
  File "/usr/local/lib/python3.7/site-packages/requests_oauthlib/oauth2_session.py", line 307, in fetch_token
    self._client.parse_request_body_response(r.text, scope=self.scope)
  File "/usr/local/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/clients/base.py", line 415, in parse_request_body_response
    self.token = parse_token_response(body, scope=scope)
  File "/usr/local/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/parameters.py", line 422, in parse_token_response
    params['expires_at'] = time.time() + int(params['expires_in'])
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

We are using oauthlib 3.0.1 from pip.

  • Are you using OAuth1, OAuth2 or OIDC? OAuth2
  • Are you writing client or server side code? Server-side
  • If client, what provider are you connecting to? N/A
  • Are you using a downstream library, such as requests-oauthlib, django-oauth-toolkit, ...? requests-oauthlib
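
A defensive way to parse a token response like the one reported above, as an added example that is not part of the original issue and not oauthlib's own code. `parse_token_expiry` and the sample bodies are hypothetical names and constructed values; the example goes beyond the null case to also cover numeric strings and values that should be rejected.

```python
import json
import time


def parse_token_expiry(body, now=None):
    """Parse an OAuth2 token response body, tolerating a null expires_in.

    Hypothetical helper for illustration; not oauthlib's parse_token_response.
    """
    params = json.loads(body)
    if not isinstance(params, dict) or not params.get("access_token"):
        raise ValueError("token response has no access_token")

    raw = params.get("expires_in")
    if raw is None:
        # Key absent or explicitly null: drop it and set no expires_at,
        # instead of calling int(None) as in the traceback above.
        # The caller must treat the token lifetime as unknown.
        params.pop("expires_in", None)
        return params

    # bool is a subclass of int, so reject it explicitly.
    if isinstance(raw, bool) or not isinstance(raw, (int, float, str)):
        raise ValueError("expires_in has unsupported type " + type(raw).__name__)
    try:
        seconds = int(raw)  # accepts 3600, 3600.0 and "3600"
    except (ValueError, OverflowError):
        raise ValueError("expires_in is not a finite number: %r" % (raw,)) from None
    if seconds < 0:
        raise ValueError("expires_in is negative")

    params["expires_in"] = seconds
    params["expires_at"] = (time.time() if now is None else now) + seconds
    return params


# Constructed sample bodies; the first mirrors the shape of the reported payload.
NULL_EXPIRY = '{"access_token":"constructed-token","token_type":"bearer","expires_in":null}'
STRING_EXPIRY = '{"access_token":"constructed-token","token_type":"bearer","expires_in":"3600"}'

if __name__ == "__main__":
    print(parse_token_expiry(NULL_EXPIRY))
    print(parse_token_expiry(STRING_EXPIRY, now=1000.0))
```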

Labels: Bug, OAuth2-Client (This impacts the client part of OAuth2.)