Implement URL-encoding fallback for access tokens

2 files changed, 13 insertions, 2 deletions

diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index 5be5052..fdcf15e 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -292,7 +292,18 @@ def parse_token_response(body, scope=None):
     .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
     .. _`RFC4627`: http://tools.ietf.org/html/rfc4627
     """
-    params = json.loads(body)
+    try:
+        params = json.loads(body)
+    except ValueError:
+
+        # Fall back to URL-encoded string, to support old implementations,
+        # including (at time of writing) Facebook. See:
+        #   https://github.com/idan/oauthlib/issues/267
+
+        params = dict(urlparse.parse_qsl(body))
+        for key in ('expires_in', 'expires'):
+            if key in params:  # cast a couple things to int
+                params[key] = int(params[key])
 
     if 'scope' in params:
         params['scope'] = scope_to_list(params['scope'])
diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
index 3c25115..340108a 100644
--- a/tests/oauth2/rfc6749/test_parameters.py
+++ b/tests/oauth2/rfc6749/test_parameters.py
@@ -183,7 +183,7 @@ class ParameterTests(TestCase):
         self.assertRaises(Warning, parse_token_response, self.json_response, scope='aaa')
 
     def test_url_encoded_token_response(self):
-        """Verify correct parameter parsing and validation for token responses. """
+        """Verify fallback parameter parsing and validation for token responses. """
         self.assertEqual(parse_token_response(self.url_encoded_response), self.json_dict)
         self.assertRaises(InvalidRequestError, parse_token_response, self.url_encoded_error)
         self.assertRaises(MissingTokenError, parse_token_response, self.url_encoded_notoken)