Added null-handling for Scope values from the auth request. (Without this, a NullPointerException gets thrown with null scope values).
parent
ed2223cae3
commit
5ffe1a50a2
|
@ -191,7 +191,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|||
// get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token
|
||||
Set<String> refreshScopes = new HashSet<String>(refreshToken.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getScope());
|
||||
|
||||
Set<String> scope = new HashSet<String>(authRequest.getScope());
|
||||
Set<String> scope = authRequest.getScope() == null ? new HashSet<String>() : new HashSet<String>(authRequest.getScope());
|
||||
if (scope != null && !scope.isEmpty()) {
|
||||
// ensure a proper subset of scopes
|
||||
if (refreshScopes != null && refreshScopes.containsAll(scope)) {
|
||||
|
|
Loading…
Reference in New Issue