From 5ffe1a50a28345bb604b70d41dbc514199b0e252 Mon Sep 17 00:00:00 2001
From: William Kim <wkim@mitre.org>
Date: Fri, 5 Jul 2013 15:14:56 -0400
Subject: [PATCH] Added null-handling for Scope values from the auth request.
 (Without this, a NullPointerException gets thrown with null scope values).

---
 .../oauth2/service/impl/DefaultOAuth2ProviderTokenService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index 0a3b67380..525ea2eb0 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -191,7 +191,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 		// get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token
 		Set<String> refreshScopes = new HashSet<String>(refreshToken.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getScope());
 
-		Set<String> scope = new HashSet<String>(authRequest.getScope());
+		Set<String> scope = authRequest.getScope() == null ? new HashSet<String>() : new HashSet<String>(authRequest.getScope());
 		if (scope != null && !scope.isEmpty()) {
 			// ensure a proper subset of scopes
 			if (refreshScopes != null && refreshScopes.containsAll(scope)) {