OAuth token doesn't follow rfc6750

Cedric_Guine · November 24, 2022, 8:44pm

Hi,
I have a customer trying to obtain an oauth access token from Genesys on a Microsoft azure rest service by using the https://login.cac1.pure.cloud/oauth/token API.

The API return a body with token_type:"bearer" (b in lowercase) which doesn't comply to the rfc6750 with a B in uppercase.
This causes an issue with the Microsoft Azure service which await a token_type:"Bearer" and cannot be modify.

Has anyone encountered this issue before?

RFC:
https://www.rfc-editor.org/rfc/rfc6750#section-4

Regards,
Cédric

Eos_Rios · November 24, 2022, 10:54pm

Note however it does follow RFC 6749 section 5.1 that 6750 replaces which explicitly states

token_type: Required. The type of the token issued as described in Section 7.1. Value is case insensitive.

This is a problem that creeps up in OAuth across multiple platforms and codebases.

You may want to open a customer support case so they can work with you closely in more detail.

Cedric_Guine · November 25, 2022, 8:43pm

Thank you for the clarification @Eos_Rios, i wasn't aware of the RFC 6749
If fact, the customer support suggested me to ask my question here.
I will inform my customer that they should ask Microsoft if they can adjust the expected response and hope they will.

Cédric

Brad_Murlin · December 6, 2022, 4:51am

Option C: Build a middleware service based on yet another platform just to handle the data relay and the difference cases of Bearer.

system · January 6, 2023, 4:52am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.