We upgraded the VIP Authentication Hub (AH) from version 3.2.2 to 3.3.2. The upgrade was successful, and Refresh Tokens generated on the previous AH version (3.2.2), which are still not expired, continued to work as expected on AH 3.3.2.

However, for certain reasons, we had to perform a helm rollback to revert to AH 3.2.2. Unfortunately, the Refresh Tokens generated on AH 3.3.2, which are still not expired, are no longer valid on AH 3.2.2.

Azserver pod log shows the following error.

Encountered exception during the transaction: Cannot invoke \"String.equals(Object)\" because the return value of \"com.broadcom.layer7authentication.core.dto.TokenGenDTO.getClientId()\" is null

java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "com.broadcom.layer7authentication.core.dto.TokenGenDTO.getClientId()" is null
    at com.broadcom.layer7authentication.core.service.oauth2.RefreshTokenService.getRefreshToken(RefreshTokenService.java:134)
    at com.broadcom.layer7authentication.oidcprovider.service.TokenService.processTokenRequestWithRefreshToken(TokenService.java:792)
    at com.broadcom.layer7authentication.oidcprovider.controller.TokenController.processTokenRequest(TokenController.java:228)
    at com.broadcom.layer7authentication.oidcprovider.controller.TokenController.token(TokenController.java:146)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)

The expectation is that non-expired Refresh Tokens created on AH 3.3.2 should be backward-compatible and work on AH 3.2.2.