From 0ad5b44dca691be4d69fea4299268266503985d4 Mon Sep 17 00:00:00 2001
From: tristanessquare <44587610+tristanessquare@users.noreply.github.com>
Date: Tue, 22 Dec 2020 14:02:42 +0100
Subject: [PATCH] Fixed NullPointerException with WWW-Authenticate
---
 .../client/http/OAuth2ErrorResponseErrorHandler.java | 3 +++
 .../http/OAuth2ErrorResponseErrorHandlerTests.java | 9 +++++++++
 2 files changed, 12 insertions(+)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
index 2b50b967ac2..01451a8703f 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.java
@@ -70,6 +70,9 @@ private OAuth2Error readErrorFromWwwAuthenticate(HttpHeaders headers) {
 return null;
 }
 BearerTokenError bearerTokenError = getBearerToken(wwwAuthenticateHeader);
+ if (bearerTokenError == null) {
+ return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null);
+ }
 String errorCode = (bearerTokenError.getCode() != null) ? bearerTokenError.getCode() : OAuth2ErrorCodes.SERVER_ERROR;
 String errorDescription = bearerTokenError.getDescription();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
index 7f33e8e745c..24a267a701b 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandlerTests.java
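Review bot: The new early return in `readErrorFromWwwAuthenticate` (OAuth2ErrorResponseErrorHandler.java) reports every unparseable `WWW-Authenticate` value as `new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null)`, so a caller or an operator reading logs cannot tell a malformed or non-Bearer challenge from a genuine `server_error` sent by the server. Because the header is supplied by the remote endpoint, I would give the fallback a fixed description rather than echo the raw header value, for example `return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, "Unable to parse the WWW-Authenticate header", null);`, with the expected message in the accompanying test adjusted to match. `getBearerToken` is outside the hunk, so the conditions under which it returns null are inferred from this guard; a one-line comment above the `if` stating them would help the next reader. The method body starts and ends outside the hunk.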
@@ -58,4 +58,13 @@ public void handleErrorWhenErrorResponseWwwAuthenticateHeaderThenHandled() {
 .withMessage("[insufficient_scope] The access token expired");
 }
 
+ @Test
+ public void handleErrorWhenErrorResponseWithInvalidWwwAuthenticateHeaderThenHandled() {
+ String invalidWwwAuthenticateHeader = "Unauthorized";
+ MockClientHttpResponse response = new MockClientHttpResponse(new byte[0], HttpStatus.BAD_REQUEST);
+ response.getHeaders().add(HttpHeaders.WWW_AUTHENTICATE, invalidWwwAuthenticateHeader);
+ assertThatExceptionOfType(OAuth2AuthorizationException.class)
+ .isThrownBy(() -> this.errorHandler.handleError(response)).withMessage("[server_error] ");
+ }
+
 }
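Review bot: The new test pins the exact string `"[server_error] "`, trailing space included, which couples it to how a null description is rendered in the exception message rather than to the behaviour being fixed. Asserting on the error code would be sturdier, e.g. `.satisfies((ex) -> assertThat(ex.getError().getErrorCode()).isEqualTo(OAuth2ErrorCodes.SERVER_ERROR))`, assuming `assertThat` is imported in this test class. The test also exercises only a value with no scheme parameters (`"Unauthorized"`); a header that starts with `Bearer` but carries malformed parameters is not covered, and whether that input reaches the same null guard depends on `getBearerToken`, which is not visible here.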