Empty/missing scope in authorization request produces uncaught exception
Description
If the plain OAuth2 authorization request doesn’t contain any scope value, the following exception is produced right after user authentication:
java.lang.NullPointerException: Cannot invoke "java.util.Collection.iterator()" because "c" is null
It seems to be caused by the fact that the default requested scope function (DefaultRequestedScopeLookupFunction) assumes that a scope value always exists in the request. That is the case with OIDC authentication requests (which are required by default), but not with OAuth2 authorization requests.
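The failure pattern described above, next to a null-safe lookup, as an added example that is not the plugin's code: `AuthzRequest`, `unsafeLookup` and `safeLookup` are hypothetical stand-ins, and the assumption is that the parsed request exposes its scope as `null` when the parameter is absent. RFC 6749 section 3.3 makes `scope` optional, so the lookup returns an empty set and leaves the choice between a default scope and an `invalid_scope` error to later policy.

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class ScopeLookupExample {

    // Hypothetical stand-in for a parsed authorization request (Java 16+ record).
    // Assumption: scope is null when the request carried no scope parameter.
    record AuthzRequest(String clientId, Set<String> scope) {}

    // Pattern that fails: addAll() iterates over its argument, so a null
    // scope throws NullPointerException after the user has authenticated.
    static Set<String> unsafeLookup(AuthzRequest req) {
        Set<String> requested = new LinkedHashSet<>();
        requested.addAll(req.scope());
        return requested;
    }

    // Null-safe variant: an absent scope becomes an empty set, which the
    // caller can map to a default scope or reject with invalid_scope.
    static Set<String> safeLookup(AuthzRequest req) {
        Set<String> requested = new LinkedHashSet<>();
        if (req.scope() != null) {
            requested.addAll(req.scope());
        }
        return Collections.unmodifiableSet(requested);
    }

    public static void main(String[] args) {
        // Constructed sample requests: one OIDC-style, one plain OAuth2 without scope.
        AuthzRequest oidc = new AuthzRequest("rp-1",
                new LinkedHashSet<>(List.of("openid", "profile")));
        AuthzRequest plainOAuth2 = new AuthzRequest("client-2", null);

        System.out.println("OIDC request scope:   " + safeLookup(oidc));
        System.out.println("OAuth2 request scope: " + safeLookup(plainOAuth2));

        try {
            unsafeLookup(plainOAuth2);
        } catch (NullPointerException e) {
            System.out.println("unsafe lookup failed: " + e.getMessage());
        }
    }
}
```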