By: Esko Heimonen user 24 Nov 2021 at 1:52 a.m. CST

0 Responses
Setting JWKS (and omitting JWKS_URI) in the oxTrust OpenIDConnect Client configuration is expected to use the explicitly provided JWKS key ("use":"enc") when encrypting the ID token. This combination results in a NullPointerException at org.gluu.oxauth.model.jwk.JSONWebKeySet.fromJSONObject(JSONWebKeySet(). I believe the root cause is likely that JwrService.encryptJwe() does not inspect if client.getJwksUri() is null and if instead client.getJwks() returns public key information.
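The key-source resolution the report expects, sketched as an added example in Python; it is not oxAuth code and not part of the original post. The names `resolve_jwks`, `select_encryption_jwk`, `ClientKeyError` and the dict-shaped client record are hypothetical, and the sample client and key values are constructed.

```python
import json

class ClientKeyError(ValueError):
    """Raised when a client registration offers no usable encryption key."""

def resolve_jwks(client, fetch_jwks_uri=None):
    """Return the client's JWK Set as a dict, from jwks_uri or inline jwks."""
    uri, inline = client.get("jwks_uri"), client.get("jwks")
    if uri and inline:
        # OIDC Dynamic Client Registration: the two MUST NOT be used together.
        raise ClientKeyError("client sets both jwks_uri and jwks")
    if uri:
        if fetch_jwks_uri is None:
            raise ClientKeyError("jwks_uri set but no fetcher supplied")
        jwks = fetch_jwks_uri(uri)
    elif inline:
        # The inline value may be stored as a JSON string or as parsed JSON.
        try:
            jwks = json.loads(inline) if isinstance(inline, str) else inline
        except json.JSONDecodeError as exc:
            raise ClientKeyError(f"inline jwks is not valid JSON: {exc}") from exc
    else:
        # Explicit error instead of dereferencing a null key set.
        raise ClientKeyError("client has neither jwks_uri nor jwks")
    if not isinstance(jwks, dict) or not isinstance(jwks.get("keys"), list):
        raise ClientKeyError("JWK Set has no 'keys' array")
    return jwks

def select_encryption_jwk(client, kty="RSA", fetch_jwks_uri=None):
    """Pick the first key of type `kty` with "use":"enc" for ID token encryption."""
    for jwk in resolve_jwks(client, fetch_jwks_uri)["keys"]:
        if isinstance(jwk, dict) and jwk.get("kty") == kty and jwk.get("use") == "enc":
            return jwk
    raise ClientKeyError(f'no {kty} key with "use":"enc" in client JWK Set')

# Constructed sample: a client with inline jwks and no jwks_uri (the reported case).
SAMPLE_CLIENT = {
    "client_id": "example-client",
    "jwks_uri": None,
    "jwks": json.dumps({"keys": [
        {"kty": "RSA", "use": "sig", "kid": "sig-1", "n": "AQAB", "e": "AQAB"},
        {"kty": "RSA", "use": "enc", "kid": "enc-1", "n": "AQAB", "e": "AQAB"},
    ]}),
}

if __name__ == "__main__":
    print(select_encryption_jwk(SAMPLE_CLIENT)["kid"])  # enc-1
```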