From bad2d870e4cb988e80ee1bb445edfbaafed5aafd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Reynard?= <jeremy.reynard@cosmotech.com>
Date: Wed, 28 Jan 2026 17:05:30 +0100
Subject: [PATCH] Handle null claims in `groupJwtClaim` and `rolesJwtClaim` by
 providing empty list fallback

---
 .../main/kotlin/com/cosmotech/common/utils/SecurityUtils.kt   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/src/main/kotlin/com/cosmotech/common/utils/SecurityUtils.kt b/common/src/main/kotlin/com/cosmotech/common/utils/SecurityUtils.kt
index 138aa75cd..aee773d0f 100644
--- a/common/src/main/kotlin/com/cosmotech/common/utils/SecurityUtils.kt
+++ b/common/src/main/kotlin/com/cosmotech/common/utils/SecurityUtils.kt
@@ -59,7 +59,7 @@ fun getCurrentAccountGroups(configuration: CsmPlatformProperties): List<String>
   return getValueFromAuthenticatedToken(configuration) {
     try {
       val jwt = JWTParser.parse(it)
-      jwt.jwtClaimsSet.getStringListClaim(configuration.authorization.groupJwtClaim)
+      jwt.jwtClaimsSet.getStringListClaim(configuration.authorization.groupJwtClaim) ?: emptyList()
     } catch (e: ParseException) {
       JSONObjectUtils.parse(it)[configuration.authorization.groupJwtClaim] as List<String>
     }
@@ -70,7 +70,7 @@ fun getCurrentAuthenticatedRoles(configuration: CsmPlatformProperties): List<Str
   return getValueFromAuthenticatedToken(configuration) {
     try {
       val jwt = JWTParser.parse(it)
-      jwt.jwtClaimsSet.getStringListClaim(configuration.authorization.rolesJwtClaim)
+      jwt.jwtClaimsSet.getStringListClaim(configuration.authorization.rolesJwtClaim) ?: emptyList()
     } catch (e: ParseException) {
       JSONObjectUtils.parse(it)[configuration.authorization.rolesJwtClaim] as List<String>
     }