authorIb Lundgren <ib.lundgren@gmail.com>2014-09-22 15:35:52 +0100
committerIb Lundgren <ib.lundgren@gmail.com>2014-09-22 15:35:52 +0100
commit3bb2bfbb593386169e997e3332b236c077a546db (patch)
tree862afe9c90cf9b213f814416d761bd2d4668424f /oauthlib/oauth2
parentf4e0df9bf7e080d9cce750cab73a3254abd4b7ea (diff)
parentc49028af26b89ebdc08a72d3cebbf553fa0ddef6 (diff)
downloadoauthlib-3bb2bfbb593386169e997e3332b236c077a546db.tar.gz
Merge pull request #268 from whit537/facebook
work around Facebook's non-conformance
Diffstat (limited to 'oauthlib/oauth2')
-rw-r--r--oauthlib/oauth2/rfc6749/parameters.py20
1 files changed, 18 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py
index 5be5052..0e33768 100644
--- a/oauthlib/oauth2/rfc6749/parameters.py
+++ b/oauthlib/oauth2/rfc6749/parameters.py
@@ -10,6 +10,7 @@ This module contains methods related to `Section 4`_ of the OAuth 2 RFC.
from __future__ import absolute_import, unicode_literals
import json
+import os
import time
try:
import urlparse
@@ -292,11 +293,25 @@ def parse_token_response(body, scope=None):
.. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
.. _`RFC4627`: http://tools.ietf.org/html/rfc4627
"""
- params = json.loads(body)
+ try:
+ params = json.loads(body)
+ except ValueError:
+
+ # Fall back to URL-encoded string, to support old implementations,
+ # including (at time of writing) Facebook. See:
+ # https://github.com/idan/oauthlib/issues/267
+
+ params = dict(urlparse.parse_qsl(body))
+ for key in ('expires_in', 'expires'):
+ if key in params: # cast a couple things to int
+ params[key] = int(params[key])
if 'scope' in params:
params['scope'] = scope_to_list(params['scope'])
+ if 'expires' in params:
+ params['expires_in'] = params.pop('expires')
+
if 'expires_in' in params:
params['expires_at'] = time.time() + int(params['expires_in'])
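Review bot: The `int(params[key])` cast in the URL-encoded fallback is not guarded, so a non-numeric `expires` or `expires_in` from the token endpoint surfaces as a bare `ValueError` rather than an OAuth2 error the caller can handle. The cast appears to run inside the `except ValueError:` handler, but indentation is lost in this rendering, so that placement is inferred. The fallback also accepts any body that is not JSON, and `dict(urlparse.parse_qsl(body))` silently keeps only the last value of a repeated key such as `access_token`. I would catch the conversion failure and translate it into one of the module's own error types, and add a comment above the `dict(...)` line such as `# NOTE: repeated keys collapse to the last value; body is unauthenticated server output`. Separately, `params['expires_in'] = params.pop('expires')` overwrites a standard `expires_in` when both keys are present; `params.setdefault('expires_in', params.pop('expires'))` would prefer the RFC name.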
@@ -313,7 +328,8 @@ def validate_token_parameters(params, scope=None):
raise MissingTokenError(description="Missing access token parameter.")
if not 'token_type' in params:
- raise MissingTokenTypeError()
+ if os.environ.get('OAUTHLIB_STRICT_TOKEN_TYPE'):
+ raise MissingTokenTypeError()
# If the issued access token scope is different from the one requested by
# the client, the authorization server MUST include the "scope" response
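Review bot: The missing-`token_type` check is now enforced only when `OAUTHLIB_STRICT_TOKEN_TYPE` is set, so the default becomes accepting a token response without `token_type`, which RFC 6749 section 5.1 lists as REQUIRED. That relaxation applies to every provider a client talks to, not only the non-conforming one. The test is on string truthiness, so `OAUTHLIB_STRICT_TOKEN_TYPE=0` or `=false` also enables strict mode, and nothing in this hunk documents the variable. I would keep strict validation as the default and make the relaxation the explicit opt-in, or at minimum add a comment above the `os.environ.get` line such as `# token_type is REQUIRED by RFC 6749 section 5.1; only enforced when OAUTHLIB_STRICT_TOKEN_TYPE is non-empty`. The body of validate_token_parameters continues past the end of the hunk.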