
NPE when calling jwtClaimsSet.getClaims()

Open hantsy opened this issue 3 years ago • 1 comments

When trying to get auth0, I cloned this project and added some debug info to the following piece in https://github.com/eclipse-ee4j/soteria/blob/master/impl/src/main/java/org/glassfish/soteria/mechanisms/openid/domain/AccessTokenImpl.java#L63, the jwtClaimsSet.getClaims() is possible when tokenJWT is an EncryptedJWT.

try {
    this.tokenJWT = JWTParser.parse(token);
    jwtClaimsSet = tokenJWT.getJWTClaimsSet();
    this.claims = jwtClaimsSet.getClaims();
} catch (ParseException ex) {
    // Access token doesn't need to be JWT at all
}

hantsy avatar Oct 02 '22 05:10 hantsy

I found in the original source from Payara there should be a null check

this.claims = jwtClaimsSet == null ? null : jwtClaimsSet.getClaims();

https://github.com/payara/ecosystem-security-connectors/blob/73c4436fddd581b6f64d83c2f03dbba188006a72/openid/src/main/java/fish/payara/security/openid/domain/AccessTokenImpl.java#L90

arrenping avatar Jan 02 '23 15:01 arrenping
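The null check discussed in this thread, as an added example that is not Soteria or Payara code. It assumes Nimbus JOSE+JWT on the classpath; `AccessTokenClaimsDemo`, `readClaims` and `b64` are hypothetical names, the sample tokens are constructed, and returning an empty map instead of `null` is a choice made for this example.

```java
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;

import java.text.ParseException;
import java.util.Collections;
import java.util.Map;

// Added example (not project code): null-safe claim extraction from an access token.
public class AccessTokenClaimsDemo {

    // Hypothetical helper: returns the readable claims, or an empty map when there are none.
    // No signature verification or decryption happens here; only the null handling is shown.
    static Map<String, Object> readClaims(String token) {
        try {
            JWT jwt = JWTParser.parse(token);
            // An EncryptedJWT that has not been decrypted has no payload yet, so
            // getJWTClaimsSet() returns null instead of throwing ParseException.
            JWTClaimsSet claimsSet = jwt.getJWTClaimsSet();
            return claimsSet == null
                    ? Collections.<String, Object>emptyMap()
                    : claimsSet.getClaims();
        } catch (ParseException ex) {
            // Access token doesn't need to be a JWT at all (opaque token).
            return Collections.<String, Object>emptyMap();
        }
    }

    // Base64URL-encodes a string for building the constructed sample tokens.
    static String b64(String s) {
        return Base64URL.encode(s).toString();
    }

    public static void main(String[] args) {
        // Constructed unsecured JWT: header.payload. (empty third part)
        String plain = b64("{\"alg\":\"none\"}") + "." + b64("{\"sub\":\"alice\"}") + ".";
        // Constructed JWE compact form (five parts, never decrypted here).
        String jwe = b64("{\"alg\":\"dir\",\"enc\":\"A256GCM\"}") + ".."
                + b64("constructed-iv") + "." + b64("constructed-ciphertext")
                + "." + b64("constructed-tag");
        // Constructed opaque token: no dots, so JWTParser.parse throws ParseException.
        String opaque = "constructed-opaque-access-token";

        System.out.println("plain JWT claims:  " + readClaims(plain));
        System.out.println("encrypted JWT:     " + readClaims(jwe));
        System.out.println("opaque token:      " + readClaims(opaque));
    }
}
```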