Describe the bug
When upgrading to spring-security 7.1.0 a custom OidcSessionRegistry can no longer be built in Kotlin.
The documentation for org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry#removeSessionInformation(java.lang.String) mentions that the result could be null:
Returns: any found OidcSessionInformation, could be null
However, due to the presence of jspecify annotations in the package, the return type must never be null.
To Reproduce
Create a custom implementation of OidcSessionRegistry in kotlin, and observe that the below signature no longer compiles:
override fun removeSessionInformation(clientSessionId: String): OidcSessionInformation?
Expected behavior
org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry#removeSessionInformation(java.lang.String should declare a nullable return value, as the documentation otherwise specifies
Sample
N/A
Describe the bug
When upgrading to spring-security 7.1.0 a custom OidcSessionRegistry can no longer be built in Kotlin.
The documentation for
org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry#removeSessionInformation(java.lang.String)mentions that the result could be null:However, due to the presence of jspecify annotations in the package, the return type must never be null.
To Reproduce
Create a custom implementation of OidcSessionRegistry in kotlin, and observe that the below signature no longer compiles:
Expected behavior
org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry#removeSessionInformation(java.lang.Stringshould declare a nullable return value, as the documentation otherwise specifiesSample
N/A