From 68e49918e9828c0416d7a87237bdbc20191ea89d Mon Sep 17 00:00:00 2001
From: Scott Gifford
Date: Thu, 21 Oct 2021 08:17:12 -0600
Subject: [PATCH 1/2] verify that expires_at is an int before casting it as such.
---
 oauthlib/oauth2/rfc6749/clients/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 88065ab33..0c7b6e53f 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -512,7 +512,7 @@ def populate_token_attributes(self, response):
 self.expires_in = response.get('expires_in')
 self._expires_at = time.time() + int(self.expires_in)
- if 'expires_at' in response:
+ if 'expires_at' in response and isinstance(response.get('expires_at'), int):
 self._expires_at = int(response.get('expires_at'))
 if 'mac_key' in response:
From 8c4b32d8bac1594ee6bcf9bf25708f9fcb869d67 Mon Sep 17 00:00:00 2001
From: Scott Gifford
Date: Thu, 21 Oct 2021 13:39:43 -0600
Subject: [PATCH 2/2] casting expires_at as int within try catch with test.
---
 oauthlib/oauth2/rfc6749/clients/base.py | 7 +++++--
 tests/oauth2/rfc6749/clients/test_base.py | 24 +++++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 0c7b6e53f..35a3fd5c5 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -512,8 +512,11 @@ def populate_token_attributes(self, response):
 self.expires_in = response.get('expires_in')
 self._expires_at = time.time() + int(self.expires_in)
- if 'expires_at' in response and isinstance(response.get('expires_at'), int):
- self._expires_at = int(response.get('expires_at'))
+ if 'expires_at' in response:
+ try:
+ self._expires_at = int(response.get('expires_at'))
+ except:
+ self._expires_at = None
 if 'mac_key' in response:
 self.mac_key = response.get('mac_key')
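Review bot: The bare `except:` in the PATCH 2/2 hunk also swallows `KeyboardInterrupt` and `SystemExit`; `int()` on a response value fails with `TypeError` or `ValueError`, so `except (TypeError, ValueError):` is enough. The fallback `self._expires_at = None` also overwrites the value assigned two context lines earlier by `self._expires_at = time.time() + int(self.expires_in)`, so a response with a usable `expires_in` and an unparsable `expires_at` ends up with no recorded expiry. If callers treat a `None` expiry as "not expired" (not visible here), a malformed field from the token endpoint would switch off client-side expiry checks. Consider resetting only when no `expires_in` was supplied, e.g. `if 'expires_in' not in response: self._expires_at = None`. The body of populate_token_attributes begins and continues outside the hunk, so the condition guarding the `expires_in` lines should be confirmed against the full function.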
diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py
index c77cfed26..6b4eff071 100644
--- a/tests/oauth2/rfc6749/clients/test_base.py
+++ b/tests/oauth2/rfc6749/clients/test_base.py
@@ -301,3 +301,27 @@ def test_prepare_refresh_token_request(self):
 self.assertEqual(u, url)
 self.assertEqual(h, {'Content-Type': 'application/x-www-form-urlencoded'})
 self.assertFormBodyEqual(b, 'grant_type=refresh_token&scope={}&refresh_token={}'.format(scope, token))
+
+ def test_parse_token_response_invalid_expires_at(self):
+ token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",'
+ ' "token_type":"example",'
+ ' "expires_at":"2006-01-02T15:04:05Z",'
+ ' "scope":"/profile",'
+ ' "example_parameter":"example_value"}')
+ token = {
+ "access_token": "2YotnFZFEjr1zCsicMWpAA",
+ "token_type": "example",
+ "expires_at": "2006-01-02T15:04:05Z",
+ "scope": ["/profile"],
+ "example_parameter": "example_value"
+ }
+
+ client = Client(self.client_id)
+
+ # Parse code and state
+ response = client.parse_request_body_response(token_json, scope=["/profile"])
+ self.assertEqual(response, token)
+ self.assertEqual(None, client._expires_at)
+ self.assertEqual(client.access_token, response.get("access_token"))
+ self.assertEqual(client.refresh_token, response.get("refresh_token"))
+ self.assertEqual(client.token_type, response.get("token_type"))
pFad - Phonifier reborn
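Review bot: The new test covers only a response with a malformed `expires_at` and no `expires_in`, so it does not pin what `_expires_at` should be when both fields arrive, nor that a numeric string such as `"1634823583"` (constructed value) still parses. Adding those two cases would document the intended precedence between the fields. The comment `# Parse code and state` looks copied from another test; `# Parse token response` matches what the call does. `self.assertIsNone(client._expires_at)` states the intent more directly than `assertEqual(None, ...)`, and the `refresh_token` assertion compares `None` with `None` because the fixture has no such field.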
