From ccd79a446e47e6fd6fdd30ada5ae4ce908d51c84 Mon Sep 17 00:00:00 2001 From: Joe Grandja <10884212+jgrandja@users.noreply.github.com> Date: Wed, 13 Aug 2025 09:55:18 -0400 Subject: [PATCH] Polish gh-1949 --- .../OAuth2RefreshTokenAuthenticationProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java index a9e3fbab..a74721f5 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java @@ -165,7 +165,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic Jwt dPoPProof = DPoPProofVerifier.verifyIfAvailable(refreshTokenAuthentication); if (dPoPProof != null - & clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) { + && clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) { // For public clients, verify the DPoP Proof public key is same as (current) // access token public key binding Map accessTokenClaims = authorization.getAccessToken().getClaims();