Bug: The OAuth token response contains a negative expires_in value and an incorrect token_type case ("bearer" vs "Bearer"), which will cause new test assertions to fail.
_{Severity: CRITICAL | Confidence: High}

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: tests/sentry/web/frontend/test_oauth_authorize.py#L348

Potential issue: The OAuth token response payload contains two errors. First, the
`expires_in` value is calculated as `timezone.now() - token.expires_at`, which results
in a negative integer. This will cause the new test assertion `assert
int(fragment_d["expires_in"][0]) > 0` to fail and violates the OAuth2 specification,
which requires a positive integer. Second, the implementation returns a lowercase
`token_type` of `"bearer"`, while the updated test asserts the capitalized version
`"Bearer"`. Both issues stem from the implementation not being updated to match new test
expectations.

_{Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 7607579}

Bug: Test expects capitalized token_type but production returns lowercase

The test now expects fragment_d["token_type"] == ["Bearer"] with a capital "B", but the production code in oauth_authorize.py at line 444 returns "token_type": "bearer" with a lowercase "b". This mismatch will cause the test to fail. The assertions appear on both lines 344 and 349 (duplicated).

Bug: Test expects positive expires_in but calculation yields negative

The new assertion int(fragment_d["expires_in"][0]) > 0 expects a positive value, but the production code in oauth_authorize.py calculates expires_in as timezone.now() - token.expires_at, which produces a negative number since expires_at is in the future. Interestingly, oauth_token.py has the correct calculation (token.expires_at - timezone.now()). This test will fail against the current production code.