[keycloak-dev] How to handle empty strings returned by Social login providers in user info - KEYCLOAK-1182

Vlastimil Elias velias at redhat.com
Tue Apr 7 04:57:16 EDT 2015


during latest testing I find problem with empty string returned in email 
field from GitHub social provider, which causes http 500 error in later 
processing (but seems under some other circumstances only, not for all 
cases), see https://issues.jboss.org/browse/KEYCLOAK-1182

When I look into the code used to take used profile informations (email, 
name, id) from Social provider REST responses, it simply takes what is 
returned and do not care too much what is here.

But other Keycloak code (eg search user by email etc) typically only 
check for null values when testing "existence" of information. If value 
is not null then it takes it as existing one, so empty strings may bring 
problems here as it is used as valid email later.

I believe KC should look at what is returned from Social providers and 
convert empty strings to null values.
It is only small change at one place - 
AbstractOAuth2IdentityProvider.getJsonProperty() which resolves this 

What do you think about this solution?

I have patch prepared and it works, I can post it as pull request after 
some additional testing.


Vlastimil Elias
Principal Software Engineer
jboss.org Development Team

More information about the keycloak-dev mailing list