rocket_oauth2

Do not check token-type.

Open sotnii opened this issue 3 years ago • 1 comments

I'm trying to implement VK OAuth2, but their API responds with JSON like this (idk why, they even put a link to OAuth specs):

{
  "access_token": "533bacf01e11f55b536a565b57531ac114461ae8736d6506a3",
  "expires_in": 43200,
  "user_id": 66748
}

So I need a way to get an access token, but I get this error right now:

Err(
    Error {
        kind: ExchangeFailure,
        source: Some(
            "TokenResponse token_type was missing or not a string",
        ),
    },
)

How can I get around this?

sotnii avatar Aug 23 '22 16:08 sotnii

That's definitely frustrating.

https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1 states this about the token response:

access_token REQUIRED. The access token issued by the authorization server.

Because it's REQUIRED, TokenResponse::token_type() can be defined to return &str. This could be changed, but it would require either:

  • Changing token_type() to return Option<&str> instead (breaking change)
  • Changing token_type() to return "" instead of returning an error (non-breaking change), and return an Option<&str> on a separate method to access the "real" value.

I'm unlikely to develop and test those changes on my own, but I would be inclined to accept a PR.

jebrosen avatar Feb 22 '23 13:02 jebrosen
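A sketch of the non-breaking option discussed in this thread, added here as an example; it is not rocket_oauth2's code or API. `Field`, `try_token_type`, `classify` and the `assume_bearer_if_missing` flag are hypothetical names, and the sample response is constructed with a placeholder token.

```rust
use std::collections::HashMap;

// Hypothetical stand-in for a parsed token response; not rocket_oauth2's own type.
#[allow(dead_code)]
enum Field { Str(String), Num(i64) }
struct TokenResponse { fields: HashMap<String, Field> }

#[derive(Debug, PartialEq)]
enum UseToken<'a> { Bearer(&'a str), Reject(String) }

impl TokenResponse {
    fn get_str(&self, key: &str) -> Option<&str> {
        match self.fields.get(key) {
            Some(Field::Str(s)) => Some(s.as_str()),
            _ => None, // absent, or present but not a string
        }
    }
    // Non-breaking option from the thread: "" instead of an error when absent.
    fn token_type(&self) -> &str { self.try_token_type().unwrap_or("") }
    // Separate accessor for the "real" value (method name is an assumption).
    fn try_token_type(&self) -> Option<&str> { self.get_str("token_type") }
}

// Caller policy (assumption): treat a missing type as bearer only on explicit opt-in.
fn classify<'a>(resp: &'a TokenResponse, assume_bearer_if_missing: bool) -> UseToken<'a> {
    let token = match resp.get_str("access_token") {
        Some(t) => t,
        None => return UseToken::Reject("access_token missing".to_string()),
    };
    match resp.try_token_type() {
        Some(t) if t.eq_ignore_ascii_case("bearer") => UseToken::Bearer(token),
        Some(t) => UseToken::Reject(format!("unsupported token_type {:?}", t)),
        None if assume_bearer_if_missing => UseToken::Bearer(token),
        None => UseToken::Reject("token_type missing".to_string()),
    }
}

// Constructed sample shaped like the response in the issue; the token is a placeholder.
fn vk_like_response() -> TokenResponse {
    let mut fields = HashMap::new();
    fields.insert("access_token".to_string(), Field::Str("PLACEHOLDER_TOKEN".to_string()));
    fields.insert("expires_in".to_string(), Field::Num(43200));
    fields.insert("user_id".to_string(), Field::Num(66748));
    TokenResponse { fields }
}

fn main() {
    let resp = vk_like_response();
    println!("{:?} {:?}", resp.token_type(), classify(&resp, true));
}
```

Keeping the opt-in per provider means a response that omits `token_type` is only used as a bearer token where the integrator has decided that is correct for that provider.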