Attempt to invoke virtual method 'boolean java.lang.String.equals(java.lang.Object)' on a null object reference at net.openid.appauth.IdToken.validate(IdToken.java:232)

[Aaron-Ritter]

Description

I'm following the FusionAuth quickstart guide for Android (Kotlin) here: https://fusionauth.io/docs/quickstarts/quickstart-android-kotlin-native While integrating the code, I'm encountering a NullPointerException when attempting to retrieve the authorization state after handling the redirect intent.

The error message indicates a null reference for the authState object:

java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.String.equals(java.lang.Object)' on a null object reference
    at net.openid.appauth.IdToken.validate(IdToken.java:232)
    at net.openid.appauth.AuthorizationService$TokenRequestTask.onPostExecute(AuthorizationService.java:710)
    at net.openid.appauth.AuthorizationService$TokenRequestTask.onPostExecute(AuthorizationService.java:579)
    at android.os.AsyncTask.finish(AsyncTask.java:771)
    at android.os.AsyncTask.-$$Nest$mfinish(Unknown Source:0)
    at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:788)
    at android.os.Handler.dispatchMessage(Handler.java:107)
    at android.os.Looper.loopOnce(Looper.java:232)
    at android.os.Looper.loop(Looper.java:317)
    at android.app.ActivityThread.main(ActivityThread.java:8699)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:580)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:886)

Has anyone encountered this issue before? Any suggestions on how to prevent it? Thanks in advance for your help!

Affects versions

v0.1.7

Steps to reproduce

Steps to reproduce the behavior:

1. Start the App
2. Click Login
3. Login with a valid user
4. Once redirected the error happens

Expected behavior

It should not trow an error.

Platform

android emulator with android 14

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

[Aaron-Ritter]

The issuer in your tenant does not contain http:// https:// which is required because we are using the Discovery spec from OpenID Connect.

The documentation is not being specific around this, only the quickstart troubleshooting part is mentioning

Double-check the Issuer in the Tenant to make sure it matches the URL that FusionAuth is running at.

[Aaron-Ritter]

We have to update the documentation to clearly specify the requirement for the issuer to contain http:// https:// as required by the Discovery spec from OpenID Connect.

And we need not clarify if we can handle the error in a better way.

[Aaron-Ritter]

The http://fusionauth/<tenantId>/.well-known/openid-configuration contains the issuer used in the tenant.

{
...
  "issuer" : "acme",
...
}

We could check at fetchConfiguration or a step later at getConfiguration the issuer and trow a configuration error.