diff --git a/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java b/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java index d934a8d905..e6eb10bcb5 100644 --- a/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java +++ b/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java @@ -33,6 +33,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; /** @@ -82,8 +83,11 @@ private void revokeAccessToken(LogoutRequestEvent event) { private void revokeRefreshToken(LogoutRequestEvent event) { HttpServletRequest request = event.getRequest(); - String refreshToken = refreshTokenCookieResolver.get(request, null).getValue(); - revokeToken(refreshToken, TokenTypeHint.REFRESH_TOKEN, request); + Cookie refreshTokenCookie = refreshTokenCookieResolver.get(request, null); + if (refreshTokenCookie != null) { + String refreshToken = refreshTokenCookie.getValue(); + revokeToken(refreshToken, TokenTypeHint.REFRESH_TOKEN, request); + } } private void revokeToken(String token, TokenTypeHint tokenTypeHint, HttpServletRequest request) { diff --git a/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java b/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java index 7fd35a11f2..d2fd52e989 100644 --- a/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java +++ b/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java @@ -475,8 +475,7 @@ public ResourceDataResult filter(final ResourceDataRequest req) { // if this is an Okta CRUD operation, we must use a PUT and not a POST HttpMethod method = HttpMethod.POST; - if ((href.matches(".*\\/api\\/v1\\/users\\/\\w*$") - || href.matches(".*/api/v1/groups/.*")) + if ((href.matches(".*/api/v1/groups/.*")) && !create) { method = HttpMethod.PUT; }