In partitioned_storage.go, a check is made in writeRefreshToken() to see if AccessTokensPartition has an entry for a certain partition key, and if not the partition key is added to RefreshTokensPartition:
|
if m.contract.AccessTokensPartition[partitionKey] == nil { |
If the partition key happens to be in AccessTokensPartition but not RefreshTokensPartition a null pointer will occur when we try to add a value for that key a few lines later.
This behavior has been in the library for a while, and the bug has been dormant and not actively causing problems for two reasons:
- Partition keys for both maps are made from the same
UserAssertionHash, so keys always match
RefreshTokensPartition is updated before AccessTokensPartition, so neither map has a given key until after RefreshTokensPartition is correctly updated
In
partitioned_storage.go, a check is made inwriteRefreshToken()to see ifAccessTokensPartitionhas an entry for a certain partition key, and if not the partition key is added toRefreshTokensPartition:microsoft-authentication-library-for-go/apps/internal/base/storage/partitioned_storage.go
Line 309 in a5559cf
If the partition key happens to be in
AccessTokensPartitionbut notRefreshTokensPartitiona null pointer will occur when we try to add a value for that key a few lines later.This behavior has been in the library for a while, and the bug has been dormant and not actively causing problems for two reasons:
UserAssertionHash, so keys always matchRefreshTokensPartitionis updated beforeAccessTokensPartition, so neither map has a given key until afterRefreshTokensPartitionis correctly updated