From ff24e70db077639bfdfe76e9d9bb333af27f9912 Mon Sep 17 00:00:00 2001
From: Scott Gifford
Date: Fri, 22 Oct 2021 00:59:12 -0600
Subject: Bug expires at (#783)

* verify that expires_at is an int before casting it as such.

* casting expires_at as int within try catch with test.

Co-authored-by: Scott Gifford
---
 oauthlib/oauth2/rfc6749/clients/base.py | 5 ++++-
 tests/oauth2/rfc6749/clients/test_base.py | 24 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 88065ab..35a3fd5 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -513,7 +513,10 @@ class Client:
             self._expires_at = time.time() + int(self.expires_in)
 
         if 'expires_at' in response:
-            self._expires_at = int(response.get('expires_at'))
+            try:
+                self._expires_at = int(response.get('expires_at'))
+            except:
+                self._expires_at = None
 
         if 'mac_key' in response:
             self.mac_key = response.get('mac_key')
diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py
index c77cfed..6b4eff0 100644
--- a/tests/oauth2/rfc6749/clients/test_base.py
+++ b/tests/oauth2/rfc6749/clients/test_base.py
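Review bot: The bare `except:` in the new `expires_at` branch catches everything, including SystemExit and KeyboardInterrupt, when only the int() conversion can fail; narrow it to `except (TypeError, ValueError):`. As written the fallback also overwrites whatever `self._expires_at` was just derived from `expires_in` on the first context line, so a response carrying a valid `expires_in` and an unparseable `expires_at` ends up with no expiry at all, and any expiry check that reads `_expires_at` (not visible here) would then never fire — consider leaving the earlier value in place, e.g. `pass  # keep the expires_in-derived value`, or at least logging the discarded value. The `int(self.expires_in)` on that same context line has no equivalent guard, so a non-numeric `expires_in` still raises; presumably that is meant to stay an error, worth confirming. The enclosing method starts and ends outside the hunk.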
@@ -301,3 +301,27 @@ class ClientTest(TestCase):
         self.assertEqual(u, url)
         self.assertEqual(h, {'Content-Type': 'application/x-www-form-urlencoded'})
         self.assertFormBodyEqual(b, 'grant_type=refresh_token&scope={}&refresh_token={}'.format(scope, token))
+
+    def test_parse_token_response_invalid_expires_at(self):
+        token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",'
+                      ' "token_type":"example",'
+                      ' "expires_at":"2006-01-02T15:04:05Z",'
+                      ' "scope":"/profile",'
+                      ' "example_parameter":"example_value"}')
+        token = {
+            "access_token": "2YotnFZFEjr1zCsicMWpAA",
+            "token_type": "example",
+            "expires_at": "2006-01-02T15:04:05Z",
+            "scope": ["/profile"],
+            "example_parameter": "example_value"
+        }
+
+        client = Client(self.client_id)
+
+        # Parse code and state
+        response = client.parse_request_body_response(token_json, scope=["/profile"])
+        self.assertEqual(response, token)
+        self.assertEqual(None, client._expires_at)
+        self.assertEqual(client.access_token, response.get("access_token"))
+        self.assertEqual(client.refresh_token, response.get("refresh_token"))
+        self.assertEqual(client.token_type, response.get("token_type"))
-- 
cgit v1.2.1
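Review bot: The new test only covers a response with no `expires_in`, so it does not pin down what the new `except` branch does to an expiry already computed from `expires_in`; a second case that sends both `"expires_in": 3600` and the invalid `expires_at` string and asserts on `client._expires_at` would make the intended precedence explicit. `self.assertEqual(None, client._expires_at)` reads more naturally as `self.assertIsNone(client._expires_at)`, and the `refresh_token` assertion compares None with None because the fixture carries no refresh token, so it checks nothing. The comment `# Parse code and state` looks copied from another test; this method parses a token response, so `# Parse token response with a non-integer expires_at` would describe it. `ClientTest` continues outside the hunk.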