Make scope nullable in TokenClaimsSet and its subclasses

Basics

Logistics

Basics

Logistics

Description

For legacy reasons, the scope value in TokenClaimsSet and its token-type specific subclasses is required to be non-null. The flows/endpoints are already compatible with the plain OAuth2 requests: unlike with OIDC, the use of scope is then optional.

For instance SetAuthorizationCodeToResponseContext has tackled the non-null requirement by setting an empty Scope object value to the claims set when scope has been absent in the authorization request. But obviously it should simply use null instead after the claims set allows it.

Environment

None

Linked issues

is related to

JOIDC-176

Scope-parameter is required in some cases with client_credentials grant

JOIDC-212

Empty/missing scope in authorization request produces uncaught exception

Activity

Henri MikkonenJune 7, 2024 at 6:44 AM

Switched scope into nullable in claims sets and builders
Changed authorization code and access token builders to set null instead of empty scope
- SWF actions: BuildAccessToken and SetAuthorizationCodeToResponseContext
Updated and improved tests accordingly

Completed

Details
Assignee
Henri Mikkonen
Reporter
Henri Mikkonen
Components
Foundation
Fix versions
4.2.0

Created June 5, 2024 at 12:53 PM

Updated July 2, 2024 at 11:53 AM

Resolved July 2, 2024 at 11:53 AM

Make scope nullable in TokenClaimsSet and its subclasses

Description

Environment

Linked issues

is related to

Activity

Henri MikkonenJune 7, 2024 at 6:44 AM

DetailsAssigneeHenri MikkonenHenri MikkonenReporterHenri MikkonenHenri MikkonenComponentsFoundationFix versions4.2.0

Details

Assignee

Reporter

Components

Fix versions

Details
Assignee
Henri Mikkonen
Reporter
Henri Mikkonen
Components
Foundation
Fix versions
4.2.0