IdentityModel.AspNetCore.OAuth2Introspection
HTTP 400 Bad Request can cause InvalidOperationException
If we hit our introspect endpoint with a missing or invalid client_id, it responds with:
```
400 BadRequest
{"errorCode": "invalid_client", "errorSummary": "Invalid value for 'client_id' parameter."}
```
Unfortunately, because it returns 400 and doesn't have a property named "error", ProtocolResponse.IsError returns false (see IdentityModel 265), OAuth2IntrospectionHandler tries to continue, and we get an exception thrown like the following:
```
"ClassName": "System.InvalidOperationException",
"Message": "Nullable object must have a value.",
"Source": "System.Private.CoreLib",
"StackTraceString": "
   at System.Nullable`1.get_Value()
   at IdentityModel.Client.TokenIntrospectionResponse.get_IsActive()
   at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)"
```
We are admittedly not using IdentityServer (instead using OKTA auth servers) so perhaps this scenario is not intended to be supported, but I thought I would mention it as the strange stack trace caused a bit of a headache.
Thanks!
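An added example, not part of the original issue and not code from IdentityModel: a fail-closed check a resource server could run on the raw introspection reply, so that a non-2xx status or a body without the boolean `active` member (required by RFC 7662) becomes an authentication failure instead of an unhandled exception. `IntrospectionGuard`, `Classify` and `IntrospectionOutcome` are hypothetical names, and the sample bodies are constructed from the response quoted above.

```csharp
using System;
using System.Net;
using System.Text.Json;

public enum IntrospectionOutcome { Active, Inactive, Error }

public static class IntrospectionGuard
{
    // Hypothetical helper: classifies a raw introspection reply and fails closed.
    public static IntrospectionOutcome Classify(HttpStatusCode status, string body, out string reason)
    {
        int code = (int)status;
        if (code < 200 || code > 299)
        {
            // Any non-success status is an error, whatever shape the body has.
            reason = $"introspection endpoint returned HTTP {code}";
            return IntrospectionOutcome.Error;
        }
        try
        {
            using JsonDocument doc = JsonDocument.Parse(body ?? string.Empty);
            JsonElement root = doc.RootElement;
            // A missing or non-boolean "active" is never read as a token state.
            if (root.ValueKind != JsonValueKind.Object ||
                !root.TryGetProperty("active", out JsonElement active) ||
                (active.ValueKind != JsonValueKind.True && active.ValueKind != JsonValueKind.False))
            {
                reason = "response has no boolean \"active\" member";
                return IntrospectionOutcome.Error;
            }
            reason = string.Empty;
            return active.GetBoolean() ? IntrospectionOutcome.Active : IntrospectionOutcome.Inactive;
        }
        catch (JsonException)
        {
            reason = "response body is not valid JSON";
            return IntrospectionOutcome.Error;
        }
    }

    public static void Main()
    {
        // Constructed sample: the 400 body quoted in the issue.
        string okta = "{\"errorCode\": \"invalid_client\", \"errorSummary\": \"Invalid value for 'client_id' parameter.\"}";
        Console.WriteLine($"{Classify(HttpStatusCode.BadRequest, okta, out string why)}: {why}");
        // Constructed samples: a 200 reply lacking "active", and a well-formed active reply.
        Console.WriteLine($"{Classify(HttpStatusCode.OK, "{}", out why)}: {why}");
        Console.WriteLine($"{Classify(HttpStatusCode.OK, "{\"active\": true}", out why)}");
    }
}
```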
Could you test this again with the latest version?