openid/AppAuth-Android

TokenResponse JSON parsing null values as "null" strings

Brian-Durham opened this issue · 0 comments

Checklist:

  • I am using the latest release
  • I searched for existing GitHub issues
  • I read the documentation
  • I verified the client configuration matches the information in the identity provider (or I am using dynamic client registration)
  • I am either using a custom URI scheme or https with App Links for client redirect.
  • I can reproduce the issue in the demo app (optional)

Configuration

  • Version: 0.11.1
  • Integration: Android native Kotlin/Java
  • Identity provider: Ping

Issue Description

Our refresh token flow is failing due to:
AuthorizationException: {"type":0,"code":8,"errorDescription":"Unable to parse ID Token"}

Our response:
{
  "access_token": "<valid access token>",
  "refresh_token": "<valid refresh token>",
  "id_token": null,
  "scope": "api:read-data api:write-data",
  "expires_in": 3600,
  "token_type": "bearer"
}

The response we are getting back has id_token as null in JSON; however, at line 688 of AuthorizationService.java:
response = new TokenResponse.Builder(mRequest).fromResponseJson(json).build();
and line 223 in TokenResponse:
setIdToken(JsonUtil.getStringIfDefined(json, KEY_ID_TOKEN));

It parses the null value as a "null" string, which then fails the id token parsing at line 700 of AuthorizationService.java:
idToken = IdToken.from(response.idToken);

The ask is this: first, can the bug be fixed to parse this JSON correctly so null values are not parsed as Strings? Then, part 2: if a null value is parsed for id_token, skip the idToken validation as if the id_token was never sent in the response, at line 697 of AuthorizationService.java:
if (response.idToken != null) {
It looks like if a null value is sent, a JSONException will be thrown from JsonUtil.java.
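
Added example (not part of the original issue and not AppAuth's own code): a presence-only lookup next to a null-aware one, run over a constructed response shaped like the one reported above. It assumes Android's bundled org.json, where getString() turns JSONObject.NULL into the text "null"; NullAwareJson, naiveGetString and getStringOrNull are hypothetical names.

```java
import org.json.JSONException;
import org.json.JSONObject;

// Added illustration: NullAwareJson and its methods are hypothetical names, not AppAuth code.
public final class NullAwareJson {

    // Presence-only check: has() is true for a key mapped to JSON null, and on
    // Android getString() then coerces JSONObject.NULL to the text "null".
    static String naiveGetString(JSONObject json, String field) throws JSONException {
        if (!json.has(field)) {
            return null;
        }
        return json.getString(field);
    }

    // Null-aware check: isNull() is true for a missing key and for an explicit
    // JSON null, so both cases come back as a Java null.
    static String getStringOrNull(JSONObject json, String field) throws JSONException {
        if (json.isNull(field)) {
            return null;
        }
        return json.getString(field);
    }

    public static void main(String[] args) throws JSONException {
        // Constructed sample shaped like the response in the report; token values are placeholders.
        JSONObject json = new JSONObject("{\"access_token\":\"<access token>\","
                + "\"refresh_token\":\"<refresh token>\",\"id_token\":null,"
                + "\"scope\":\"api:read-data api:write-data\",\"expires_in\":3600,"
                + "\"token_type\":\"bearer\"}");

        String naive = naiveGetString(json, "id_token");
        String fixed = getStringOrNull(json, "id_token");

        // Mirrors the guard quoted in the report: only a non-null value goes on to ID token parsing.
        System.out.println("naive lookup reaches ID token parsing: " + (naive != null));
        System.out.println("null-aware lookup reaches ID token parsing: " + (fixed != null));
    }
}
```

With the null-aware lookup, an explicit "id_token": null takes the same path as a response that omits id_token, while any non-null string still goes through ID token validation.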