diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java index 13da5be113b..ffcba6a0372 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/InMemoryOidcSessionRegistry.java @@ -50,7 +50,7 @@ public void saveSessionInformation(OidcSessionInformation info) { } @Override - public OidcSessionInformation removeSessionInformation(String clientSessionId) { + public @Nullable OidcSessionInformation removeSessionInformation(String clientSessionId) { OidcSessionInformation information = this.sessions.remove(clientSessionId); if (information != null) { this.logger.trace("Removed client session"); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java index e984dd5eeed..ab0dfee49ae 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionRegistry.java @@ -16,6 +16,8 @@ package org.springframework.security.oauth2.client.oidc.session; +import org.jspecify.annotations.Nullable; + import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken; /** @@ -44,7 +46,7 @@ public interface OidcSessionRegistry { * @param clientSessionId the client session * @return any found {@link OidcSessionInformation}, could be {@code null} */ - OidcSessionInformation removeSessionInformation(String clientSessionId); + @Nullable OidcSessionInformation removeSessionInformation(String clientSessionId); /** * Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token