Hi,

As mentioned in [1], when we request a self-contained access token with requested claims, an NPE is thrown.

The root cause is from [2] and [3]. Here we are filtering the claims from the request object where the access token is null [3]. When we create a JWT token, before creating the token we retrieve the requested claims and add them to the JWT claims [2]. So until we get the JWT claims, the JWT won't get created. Created a Git issue to track the issue [4].

Seems like this is a deadlock situation. The callback handler needs an access token to populate claims. JwtTokenIssuer is using the callback handler to populate claims in order to issue an access token. Looks like a design issue in the JWT access token issuer.

Appreciate any input on this.

[1] [Dev] Issues with extra claims when using self-signed tokens
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L160
[3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.6.63/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultOIDCClaimsCallbackHandler.java#L191
[4] https://github.com/wso2/product-is/issues/3086

Thanks,
Nila.

--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : [email protected]
Mobile : +94775241823
Web : http://wso2.com/
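The cycle described in the mail above, reduced to a stand-alone sketch. This is an added example, not code from the original post or from the WSO2 code base: every class, method and field name is hypothetical, the data is constructed, and both the token-keyed lookup and the context-based alternative are assumptions made to illustrate the ordering problem.

```java
import java.util.*;

// Hypothetical, simplified model of the cycle described in the mail; not WSO2 code.
public class ClaimCycleDemo {
    // Stand-in for the token request context: the token is unset until issuance finishes.
    static class TokenContext {
        String accessToken;                                         // null while the JWT is built
        List<String> requestedClaims = List.of("email", "groups");  // constructed sample
        Map<String, String> userAttributes =                        // constructed sample
                Map.of("email", "user@example.com", "groups", "admin", "phone", "000");
    }

    // Constructed store of request-object claims, keyed by the issued access token (assumed).
    static final Map<String, List<String>> CLAIMS_BY_TOKEN = new HashMap<>();

    // Assumed shape of the failing path: requested claims are looked up by access token.
    static Map<String, String> claimsKeyedByToken(TokenContext ctx) {
        // HashMap.get(null) returns null, so iterating the result throws NullPointerException.
        List<String> requested = CLAIMS_BY_TOKEN.get(ctx.accessToken);
        Map<String, String> out = new TreeMap<>();
        for (String name : requested) out.put(name, ctx.userAttributes.get(name));
        return out;
    }

    // Assumed alternative: filter with data already present in the request context,
    // so claim collection no longer depends on the token it is feeding.
    static Map<String, String> claimsFromContext(TokenContext ctx) {
        Map<String, String> out = new TreeMap<>();
        for (String name : ctx.requestedClaims) {
            if (ctx.userAttributes.containsKey(name)) out.put(name, ctx.userAttributes.get(name));
        }
        return out;
    }

    // Stand-in for the issuer: claims must be collected before the token exists.
    static String issue(TokenContext ctx, boolean keyedByToken) {
        Map<String, String> claims = keyedByToken ? claimsKeyedByToken(ctx) : claimsFromContext(ctx);
        ctx.accessToken = "jwt" + claims;   // placeholder for signing and serialising
        return ctx.accessToken;
    }

    public static void main(String[] args) {
        try {
            issue(new TokenContext(), true);
        } catch (NullPointerException e) {
            System.out.println("token-keyed lookup failed: access token not issued yet");
        }
        System.out.println(issue(new TokenContext(), false)); // only the requested claims appear
    }
}
```

The second path also shows the filtering that still has to happen: the unrequested "phone" attribute stays out of the token.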
