Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC token refresh causes NPE if no ID token is returned #29144

Closed
sberyozkin opened this issue Nov 9, 2022 · 3 comments · Fixed by #29214
Closed

OIDC token refresh causes NPE if no ID token is returned #29144

sberyozkin opened this issue Nov 9, 2022 · 3 comments · Fixed by #29214
Labels
area/oidc kind/bug Something isn't working
Milestone
2.14.1.Final

Comments

@sberyozkin
Copy link
Member

Describe the bug

Some OIDC providers do not return ID token in the refresh token grant response since it is optional in the OIDC spec, which causes NPE since Quarkus OIDC does expect it be returned as is done with Keycloak.

Expected behavior

If no ID token is returned - then if the previous ID token has not expired - use it, otherwise use the internally generated ID token which is the case now with the previous token claims minus iat and exp copied

Actual behavior

No response

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response
@sberyozkin sberyozkin added the kind/bug Something isn't working label Nov 9, 2022
@quarkus-bot quarkus-bot bot added the area/oidc label Nov 9, 2022
@quarkus-bot
Copy link

quarkus-bot bot commented Nov 9, 2022

/cc @pedroigor

@DCCSKrezovic
Copy link

@sberyozkin I have a working prototype that I have tested in production-like scenarios. Should I submit a PR, or have you already done something?

@sberyozkin
Copy link
Member Author

@DCCSKrezovic I've been working on it since yesterday, just about to open a PR; glad you are willing to help :-)

@sberyozkin sberyozkin mentioned this issue Nov 11, 2022
Merged
@quarkus-bot quarkus-bot bot added this to the 2.15 - main milestone Nov 13, 2022
@gsmet gsmet modified the milestones: 2.15 - main, 2.14.1.Final Nov 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/oidc kind/bug Something isn't working
Projects
None yet
Milestone
2.14.1.Final
Development

Successfully merging a pull request may close this issue.

Generate ID token if it is not refreshed sberyozkin/quarkus
3 participants
@sberyozkin @gsmet @DCCSKrezovic