fix: pr comment

supertokens · Sep 16, 2024 · d8a1b87 · d8a1b87
1 parent bdcdc29
commit d8a1b87
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/src/main/java/io/supertokens/oauth/OAuthToken.java b/src/main/java/io/supertokens/oauth/OAuthToken.java
@@ -49,9 +49,8 @@ public int getValue() {
     private static Set<String> NON_OVERRIDABLE_TOKEN_PROPS = Set.of(
         "kid", "typ", "alg", "aud",
         "iss", "iat", "exp", "nbf", "jti", "ext",
-        "sid", "rat", "at_hash",
-        "client_id", "scp", "sub", "rsub",
-        "sessionHandle", "tId", "stt"
+        "sid", "rat", "at_hash", "rt_hash",
+        "client_id", "scp", "sub", "stt"
     );
 
     public static JsonObject getPayloadFromJWTToken(AppIdentifier appIdentifier,
@@ -103,9 +102,11 @@ public static String reSignToken(AppIdentifier appIdentifier, Main main, String
         payload.addProperty("iss", iss);
         payload.addProperty("stt", tokenType.getValue());
 
-        for (Map.Entry<String, JsonElement> entry : payloadUpdate.entrySet()) {
-            if (!NON_OVERRIDABLE_TOKEN_PROPS.contains(entry.getKey())) {
-                payload.add(entry.getKey(), entry.getValue());
+        if (payloadUpdate != null) {
+            for (Map.Entry<String, JsonElement> entry : payloadUpdate.entrySet()) {
+                if (!NON_OVERRIDABLE_TOKEN_PROPS.contains(entry.getKey())) {
+                    payload.add(entry.getKey(), entry.getValue());
+                }
             }
         }
 

diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java
@@ -60,7 +60,9 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
         String iss = InputParser.parseStringOrThrowError(input, "iss", false); // input validation
         JsonObject bodyFromSDK = InputParser.parseJsonObjectOrThrowError(input, "inputBody", false);
 
+        // useStaticKeyInput defaults to true, so we check if it has been explicitly set to false
         Boolean useStaticKeyInput = InputParser.parseBooleanOrThrowError(input, "useStaticSigningKey", true);
+        boolean useDynamicKey = Boolean.FALSE.equals(useStaticKeyInput);
 
         Map<String, String> formFields = new HashMap<>();
         for (Map.Entry<String, JsonElement> entry : bodyFromSDK.entrySet()) {
@@ -89,8 +91,6 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
                         JsonObject accessTokenUpdate = InputParser.parseJsonObjectOrThrowError(input, "access_token", true);
                         JsonObject idTokenUpdate = InputParser.parseJsonObjectOrThrowError(input, "id_token", true);
 
-                        // useStaticKeyInput defaults to true, so we check if it has been explicitly set to false
-                        boolean useDynamicKey = Boolean.FALSE.equals(useStaticKeyInput);
                         jsonBody = OAuth.transformTokens(super.main, appIdentifier, storage, jsonBody.getAsJsonObject(), iss, accessTokenUpdate, idTokenUpdate, useDynamicKey);
 
                     } catch (IOException | InvalidConfigException | TenantOrAppNotFoundException | BadPermissionException | StorageQueryException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | JWTCreationException | JWTException | StorageTransactionLogicException | UnsupportedJWTSigningAlgorithmException e) {