From 0d0360a29122087b08c7fe81320b0a4a92eba338 Mon Sep 17 00:00:00 2001
From: Brian Demers
Date: Thu, 24 Aug 2017 17:10:26 -0400
Subject: [PATCH 1/2] Null check around refresh cookie when revoking token
---
 .../event/TokenRevocationRequestEventListener.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java b/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java
index d934a8d905..e6eb10bcb5 100644
--- a/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java
+++ b/extensions/servlet/src/main/java/com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.java
@@ -33,6 +33,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 /**
@@ -82,8 +83,11 @@ private void revokeAccessToken(LogoutRequestEvent event) {
 private void revokeRefreshToken(LogoutRequestEvent event) {
 HttpServletRequest request = event.getRequest();
- String refreshToken = refreshTokenCookieResolver.get(request, null).getValue();
- revokeToken(refreshToken, TokenTypeHint.REFRESH_TOKEN, request);
+ Cookie refreshTokenCookie = refreshTokenCookieResolver.get(request, null);
+ if (refreshTokenCookie != null) {
+ String refreshToken = refreshTokenCookie.getValue();
+ revokeToken(refreshToken, TokenTypeHint.REFRESH_TOKEN, request);
+ }
 }
 private void revokeToken(String token, TokenTypeHint tokenTypeHint, HttpServletRequest request) {
From 08a5ae0cbdfa68fbadda63d539725d04bdf309a3 Mon Sep 17 00:00:00 2001
From: Brian Demers
Date: Thu, 24 Aug 2017 17:11:19 -0400
Subject: [PATCH 2/2] Allow POST messages to /api/v1/users/ it supports partial updates (groups does not)
---
 .../main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
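Review bot: In revokeRefreshToken (second hunk of TokenRevocationRequestEventListener.java) the new guard covers a missing cookie but not a cookie whose value is null or empty, so `revokeToken` can still be handed a blank token; its body starts on the hunk's last line and is not visible, so whether it tolerates that cannot be confirmed here. Tightening the inner call to `if (refreshToken != null && !refreshToken.isEmpty()) { revokeToken(refreshToken, TokenTypeHint.REFRESH_TOKEN, request); }` closes that gap. The no-cookie path is also silent; a debug-level log there would let someone reviewing a logout distinguish "no refresh token was presented" from "revocation did not run". revokeAccessToken appears only as the hunk heading, so check whether it dereferences its resolver result the same way the removed line did.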
diff --git a/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java b/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java
index 7fd35a11f2..d2fd52e989 100644
--- a/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java
+++ b/impl/src/main/java/com/stormpath/sdk/impl/ds/DefaultDataStore.java
@@ -475,8 +475,7 @@ public ResourceDataResult filter(final ResourceDataRequest req) {
 // if this is an Okta CRUD operation, we must use a PUT and not a POST
 HttpMethod method = HttpMethod.POST;
- if ((href.matches(".*\\/api\\/v1\\/users\\/\\w*$")
- || href.matches(".*/api/v1/groups/.*"))
+ if ((href.matches(".*/api/v1/groups/.*"))
 && !create) {
 method = HttpMethod.PUT;
 }
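Review bot: The context comment `// if this is an Okta CRUD operation, we must use a PUT and not a POST` no longer describes the branch in filter(): after this change only group hrefs are switched to PUT and user updates stay on POST. I would reword it to something like `// Okta groups do not support partial updates, so a non-create request to a group must be a PUT; users accept a partial-update POST`, and drop the now-redundant outer parentheses, `if (href.matches(".*/api/v1/groups/.*") && !create) {`. Because a partial update presumably leaves omitted properties unchanged on the server, any caller that relied on the earlier PUT to clear a user attribute would now leave it set; the callers are not visible here, so this is worth confirming. filter() begins and ends outside the hunk.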