pac4j

pac4j throws occasional NullPointerException in findPkceMethod when using KeycloakOidcConfiguration


I occasionally see a NullPointerException when using pac4j with KeycloakOidcConfiguration. Everything works fine, so I think this is healing itself somehow. However, the error logs are worrying and I would at least want to understand what causes this.

The stacktrace looks like this:

    
    java.lang.NullPointerException: Cannot invoke "com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata.getCodeChallengeMethods()" because "opMetadataResolver" is null
    at org.pac4j.oidc.config.OidcConfiguration.findPkceMethod(OidcConfiguration.java:286)
    at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.addStateAndNonceParameters(OidcRedirectionActionBuilder.java:115)
    at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.getRedirectionAction(OidcRedirectionActionBuilder.java:58)
    at org.pac4j.core.client.IndirectClient.getRedirectionAction(IndirectClient.java:136)
    at org.pac4j.core.engine.DefaultSecurityLogic.redirectToIdentityProvider(DefaultSecurityLogic.java:240)
    at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:160)
    at org.pac4j.http4s.SecurityFilterMiddleware$.securityFilter$$anonfun$1$$anonfun$1$$anonfun$1(SecurityFilterMiddleware.scala:76)

pac4j version: 6.0.4.1

The (redacted) OIDC configuration looks like this:


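    import com.nimbusds.jose.JWSAlgorithm
    import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod
    import org.pac4j.oidc.client.{KeycloakOidcClient, OidcClient}
    import org.pac4j.oidc.config.KeycloakOidcConfiguration

    def oidcClient(): OidcClient =
      // Keycloak realm and client credentials (redacted)
      val keycloakClientConfig = KeycloakOidcConfiguration()
      keycloakClientConfig.setBaseUri("https://example.com/")
      keycloakClientConfig.setRealm("my-realm")
      keycloakClientConfig.setClientId("id")
      keycloakClientConfig.setSecret("secret")
      keycloakClientConfig.setClientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
      keycloakClientConfig.setPreferredJwsAlgorithm(JWSAlgorithm.RS256)
      val keycloakClient = KeycloakOidcClient(keycloakClientConfig)
      keycloakClient.setCallbackUrl("/callback")
      keycloakClient.init()
      // init() returns nothing, so the client itself is the result
      keycloakClient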

Solution

  • Indeed, this is worrying. The opMetadataResolver property is in fact the resolved OIDC metadata. It looks like, from time to time, the loading of the OIDC metadata fails and returns null. Don't you have any other (network) error?
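
One way to look for the intermittent network errors the answer asks about is to probe the realm's discovery document repeatedly and record every failed load. This is an added example, not code from the original post or from pac4j; `discoveryUri`, `fetchMetadata` and `probe` are hypothetical helpers, the URL layout assumes Keycloak's standard `/realms/<realm>/.well-known/openid-configuration` path, and the flaky fetcher in `demo` is constructed so the block runs offline.

```scala
import java.net.URI
import java.net.http.{HttpClient, HttpRequest, HttpResponse}
import java.time.Duration
import scala.util.{Failure, Success, Try}

// Assumed Keycloak layout: <baseUri>/realms/<realm>/.well-known/openid-configuration
def discoveryUri(baseUri: String, realm: String): URI =
  URI.create(s"${baseUri.stripSuffix("/")}/realms/$realm/.well-known/openid-configuration")

// One fetch with explicit timeouts; a network error or non-200 status
// becomes a Failure that carries the cause instead of a silent null.
def fetchMetadata(uri: URI): Try[String] = Try {
  val client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build()
  val request = HttpRequest.newBuilder(uri).timeout(Duration.ofSeconds(5)).GET().build()
  val response = client.send(request, HttpResponse.BodyHandlers.ofString())
  if response.statusCode() != 200 then
    throw new IllegalStateException(s"HTTP ${response.statusCode()} from $uri")
  response.body()
}

// Run the fetch `attempts` times and return one line per problem found.
// A successful load must also advertise PKCE methods, because that is the
// field findPkceMethod reads from the metadata in the stack trace above.
def probe(fetch: () => Try[String], attempts: Int): List[String] =
  (1 to attempts).toList.flatMap { i =>
    fetch() match
      case Success(body) if body.contains("code_challenge_methods_supported") => None
      case Success(_) => Some(s"attempt $i: metadata loaded but lists no PKCE methods")
      case Failure(e) => Some(s"attempt $i: ${e.getClass.getName}: ${e.getMessage}")
  }

@main def demo(): Unit =
  // Constructed stand-in for the network: every third call fails.
  var calls = 0
  val flaky: () => Try[String] = () =>
    calls += 1
    if calls % 3 == 0 then Failure(new java.net.ConnectException("constructed failure"))
    else Success("""{"code_challenge_methods_supported":["S256"]}""")
  probe(flaky, 6).foreach(println)
  // Against the real server, pass the live fetcher instead:
  // probe(() => fetchMetadata(discoveryUri("https://example.com/", "my-realm")), 6)
```

Running the live variant on a schedule from the same host as the application, and comparing its failure timestamps with the NullPointerException entries, shows whether the two line up.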