
accept Microsoft's token responses by default

Open lovasoa opened this issue 2 months ago • 0 comments

add support for string-encoded expires_in for Azure AD compatibility

While RFC 6749 Section 5.1 describes expires_in as an integer, Microsoft Azure AD returns this value as a string (e.g., "3600" instead of 3600). This non-compliant behavior has been a known issue since at least 2022, yet remains unresolved.

Given that Microsoft Azure AD is one of the largest OAuth 2.0 identity providers globally, rejecting their token responses due to this technical violation creates a barrier to adoption. Many enterprise applications depend on Azure AD for authentication, making this workaround necessary for real-world compatibility.

This change implements a lenient deserializer that accepts both the standard integer format and Azure's string format, ensuring the library works with RFC-compliant providers while maintaining compatibility with Azure. The fix is transparent to users - existing code continues to work without modification - and adds test coverage for both formats.

fixes https://github.com/ramosbugs/oauth2-rs/issues/191

lovasoa, Oct 21 '25 15:10
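The lenient handling the PR describes, written out as an added example in Python rather than the crate's own Rust/serde code: `expires_in` is accepted either as the RFC 6749 integer or as Azure AD's decimal string, while anything else (negative values, floats, non-numeric or signed strings, booleans) is still rejected so the leniency does not widen into accepting arbitrary input. Function names and the two token responses are constructed for this example.

```python
import json
from datetime import datetime, timedelta, timezone


def parse_expires_in(value):
    """Accept RFC 6749's integer, or Azure AD's string of ASCII digits only."""
    if isinstance(value, bool):          # bool is an int subclass; never a lifetime
        raise ValueError("expires_in must be an integer or numeric string")
    if isinstance(value, int):
        if value < 0:
            raise ValueError("expires_in must be non-negative")
        return value
    # Azure-style "3600": digits only, no sign, no whitespace, no fraction.
    if isinstance(value, str) and value.isascii() and value.isdigit():
        return int(value)
    raise ValueError(f"unsupported expires_in value: {value!r}")


def parse_token_response(body, now=None):
    """Parse a token endpoint JSON body into a dict with an absolute expiry."""
    now = now or datetime.now(timezone.utc)
    data = json.loads(body)
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("access_token missing")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unsupported token_type")
    result = {"access_token": token, "expires_in": None, "expires_at": None}
    if "expires_in" in data:                 # optional per RFC 6749 Section 5.1
        secs = parse_expires_in(data["expires_in"])
        result["expires_in"] = secs
        result["expires_at"] = now + timedelta(seconds=secs)
    return result


# Constructed sample responses: RFC-compliant integer vs. Azure AD string.
RFC_BODY = '{"access_token": "tok-rfc", "token_type": "Bearer", "expires_in": 3600}'
AZURE_BODY = '{"access_token": "tok-azure", "token_type": "Bearer", "expires_in": "3600"}'

if __name__ == "__main__":
    for body in (RFC_BODY, AZURE_BODY):
        print(parse_token_response(body)["expires_in"])   # 3600 both times
```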