fix(jans-auth-server): when obtain new token using refresh token, che…

…ck whether scope is null
JanssenProject · Dec 22, 2022 · d9a1426 · d9a1426
1 parent 3028a94
commit d9a1426
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...-auth-server/server/src/main/java/io/jans/as/server/token/ws/rs/TokenExchangeService.java b/...-auth-server/server/src/main/java/io/jans/as/server/token/ws/rs/TokenExchangeService.java
@@ -66,7 +66,7 @@ public class TokenExchangeService {
     private AttributeService attributeService;
 
     public void rotateDeviceSecretOnRefreshToken(HttpServletRequest httpRequest, AuthorizationGrant refreshGrant, String scope) {
-        if (!scope.contains(ScopeConstants.DEVICE_SSO)) {
+        if (StringUtils.isBlank(scope) || !scope.contains(ScopeConstants.DEVICE_SSO)) {
             return;
         }
         if (StringUtils.isBlank(refreshGrant.getSessionDn())) {