Skip to content

OidcSessionRegistry nullability issues #19403

Description

@jpmsilva

Describe the bug
When upgrading to spring-security 7.1.0 a custom OidcSessionRegistry can no longer be built in Kotlin.
The documentation for org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry#removeSessionInformation(java.lang.String) mentions that the result could be null:

Returns: any found OidcSessionInformation, could be null

However, due to the presence of jspecify annotations in the package, the return type must never be null.

To Reproduce
Create a custom implementation of OidcSessionRegistry in kotlin, and observe that the below signature no longer compiles:

override fun removeSessionInformation(clientSessionId: String): OidcSessionInformation?

Expected behavior
org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry#removeSessionInformation(java.lang.String should declare a nullable return value, as the documentation otherwise specifies

Sample

N/A

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions