Spring Security NPE thrown when token response contains a null value

Summary

I have to process a token response containing a null value for the scope key, which fails with a NullPointerException.

Actual Behavior

It looks like a recent change to OAuth2AccessTokenResponseHttpMessageConverter can cause a NPE to be thrown when the token response contains a null value.

Expected Behavior

I'm not sure why the provider includes the key with no value, but I don't believe it's invalid usage... It seems reasonable to support it.

Sample

This response

{
    "access_token": "bigfataccesstokenvalue",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "bigfatrefreshtoken"
}

fails at getValue().toString

return this.tokenResponseConverter.convert(
                    tokenResponseParameters.entrySet().stream()
                            .collect(Collectors.toMap(
                                    Map.Entry::getKey,
                                    entry -> entry.getValue().toString())));

FWIW, I've just worked around it with a copy/paste implementation that uses String.valueOf instead.

return this.tokenResponseConverter.convert(
                    tokenResponseParameters.entrySet().stream()
                            .collect(Collectors.toMap(
                                    Map.Entry::getKey,
                                    entry -> String.valueOf(entry.getValue() ))));

Comment From: jgrandja

Thank you for the report @bbruyn. I just pushed the fix.