jwt-bearer grant fails due to missing client ID

[mwm-twx]

A POST request to the token endpoint with grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer and assertion=<Signed JWT> fails with no.nav.security.mock.oauth2.OAuth2Exception: client_id cannot be null:

no.nav.security.mock.oauth2.OAuth2Exception: client_id cannot be null
    at no.nav.security.mock.oauth2.extensions.NimbusExtensionsKt.clientIdAsString(NimbusExtensions.kt:80)
    at no.nav.security.mock.oauth2.token.RequestMappingTokenCallback.getClaims(OAuth2TokenCallback.kt:95)
    at no.nav.security.mock.oauth2.token.RequestMappingTokenCallback.audience(OAuth2TokenCallback.kt:121)
    at no.nav.security.mock.oauth2.token.OAuth2TokenProvider.exchangeAccessToken(OAuth2TokenProvider.kt:85)
    at no.nav.security.mock.oauth2.grant.JwtBearerGrantHandler.tokenResponse(JwtBearerGrantHandler.kt:27)
    at no.nav.security.mock.oauth2.http.OAuth2HttpRequestHandler.token$lambda$14$lambda$13(OAuth2HttpRequestHandler.kt:176)
    at no.nav.security.mock.oauth2.http.OAuth2HttpRouterKt$routeFromPathAndMethod$1.invoke(OAuth2HttpRouter.kt:209)
    at no.nav.security.mock.oauth2.http.OAuth2HttpRouterKt$routeFromPathAndMethod$1.invoke(OAuth2HttpRouter.kt:198)

The NimbusExtensionsKt code makes an assumption that TokenRequest will have a client ID or a ClientAuthentication instance, but a JWTBearerGrant is an AuthorizationGrant subclass and TokenRequest(URI, AuthorizationGrant) will have no ClientAuthentication.

According to the RFC, there is no client ID expected in a jwt-bearer request (https://datatracker.ietf.org/doc/html/rfc7523#section-4).

[tommytroen]

@mwm-twx fixed in 2.1.10