OAuth2 token introspection assuming issuer claim is present

[josephtarbit]

Descrition
In OAuth2TokenIntrospectionAuthenticationProvider::withActiveTokenClaims, jwtClaims.getIssuer().toExternalForm() is called but JwtClaimAccessor::getIssuer can be null therefore a NullPointerException is thrown when the issuer claim is not present.

To Reproduce
By default no issuer claim is appended to the JWT claims, therefore this problem occurs with the default authorization server configuration.

Expected behavior
Null should be properly handled.

[jgrandja]

@Sm0keySa1m0n Were you able to reproduce the NullPointerException? Can you provide a test that demonstrates there is a bug?

[josephtarbit]

Simply introspect a token with no issuer claim and the exception will be thrown. (/oauth2/introspect)

[jgrandja]

Thanks for the report @Sm0keySa1m0n. This is now fixed via 4ccdd2b.