ID token should not be mandatory in OIDCTokens
I used the OIDCTokenResponseParser to parse a refresh token response. Unfortunately the endpoint does not return a new id_token during refresh, which according to http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse is valid.
This is the stacktrace is get:
Caused by: com.nimbusds.oauth2.sdk.ParseException: Missing JSON object member with key "id_token" at com.nimbusds.oauth2.sdk.util.JSONObjectUtils.getGeneric(JSONObjectUtils.java:120) at com.nimbusds.oauth2.sdk.util.JSONObjectUtils.getString(JSONObjectUtils.java:256) at com.nimbusds.openid.connect.sdk.token.OIDCTokens.parse(OIDCTokens.java:190) at com.nimbusds.openid.connect.sdk.OIDCTokenResponse.parse(OIDCTokenResponse.java:164) at com.nimbusds.openid.connect.sdk.OIDCTokenResponse.parse(OIDCTokenResponse.java:197) at com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser.parse(OIDCTokenResponseParser.java:78)
I think that the id_token should be made optional.
Comments (5)
-
-
- changed title to ID token should not be mandatory in OIDCTokens
-
Updated the code to make the ID token optional in OIDCTokenResponse: 2def44a
-
- changed status to resolved
The fix was pushed to Maven Central as part of v5.62.
Happy coding!
-
reporter Thanks a lot for your quick response !
- Log in to comment
As a work around, for a response from a refresh token request, use the
TokenResponse
class.