core: resolve issues with token introspection and sessions

handler/oauth2/strategy_jwt_session.go

@@ -75,6 +75,10 @@ func (s *JWTSession) GetSubject() string {
 }
 
 func (s *JWTSession) Clone() fosite.Session {
+	if s == nil {
+		return nil
+	}
+
 	var clone JWTSession
 	var mod bytes.Buffer
 	enc := gob.NewEncoder(&mod)

handler/openid/strategy_jwt.go

@@ -38,6 +38,10 @@ func NewDefaultSession() *DefaultSession {
 }
 
 func (s *DefaultSession) Clone() fosite.Session {
+	if s == nil {
+		return nil
+	}
+
 	var clone DefaultSession
 	var mod bytes.Buffer
 	enc := gob.NewEncoder(&mod)

introspection_request_handler.go

@@ -101,7 +101,7 @@ func (f *Fosite) NewIntrospectionRequest(ctx context.Context, r *http.Request, s
 			return nil, errors.Wrap(ErrRequestUnauthorized, "Bearer and introspection token are identical")
 		}
 
-		if _, err := f.IntrospectToken(ctx, clientToken, AccessToken, session); err != nil {
+		if _, err := f.IntrospectToken(ctx, clientToken, AccessToken, session.Clone()); err != nil {
 			return nil, errors.Wrap(ErrRequestUnauthorized, "HTTP Authorization header missing, malformed or credentials used are invalid")
 		}
 	} else {

introspection_request_handler_test.go

@@ -86,7 +86,7 @@ func TestNewIntrospectionRequest(t *testing.T) {
 		},
 	} {
 		c.setup()
-		res, err := f.NewIntrospectionRequest(nil, httpreq, nil)
+		res, err := f.NewIntrospectionRequest(nil, httpreq, &DefaultSession{})
 		assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
 		if res != nil {
 			assert.Equal(t, c.isActive, res.IsActive())

session.go

@@ -70,6 +70,10 @@ func (s *DefaultSession) GetSubject() string {
 }
 
 func (s *DefaultSession) Clone() Session {
+	if s == nil {
+		return nil
+	}
+
 	var clone DefaultSession
 	var mod bytes.Buffer
 	enc := gob.NewEncoder(&mod)