Romain Manni-Bucau created CXF-7504: ---------------------------------------
Summary: NPE in oauth2 module for jose auth code tokens Key: CXF-7504 URL: https://issues.apache.org/jira/browse/CXF-7504 Project: CXF Issue Type: Bug Affects Versions: 3.2.0 Reporter: Romain Manni-Bucau org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#protectStateString calls org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider#getInitializedEncryptionProvider which calls org.apache.cxf.rs.security.jose.jwe.JweUtils#loadEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweHeaders, boolean) with headers == null but in the stack org.apache.cxf.rs.security.jose.jwe.JweUtils#loadKeyEncryptionProvider assumes headers != null which leads to a NPE -- This message was sent by Atlassian JIRA (v6.4.14#64029)