Hi!

I recently encountered a problem which seems to be somehow related to#492

It seems that the OAuth request behaves differently depending on whether the REST client is running locally or in a docker container in a cloud environment.
For the first case, when we use a wrong clientId for authentication, a 401 response with a body is received, which is logged in debug mode (in methodOAuth20Service.sendAccessTokenRequestSync()) like follows:

created access token client credentials grant request with body params [grant_type=client_credentials], query string params []send request for access token synchronously to https://...response status code: 401response body: {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

I have absolutely no idea where the "response body" is taken from because it is 100% sure that the service doesn't send a body for a 401 response - it is simply empty (tested with curl, postman etc.)

Now, when our client is running in the cloud (and contacting the exact same service), the response is null:

created access token client credentials grant request with body params [grant_type=client_credentials], query string params []send request for access token synchronously to https://...response status code: 401response body: null

In this case, an exception is thrown inOAuth2AccessTokenJsonExtractor.extract():

 java.lang.IllegalArgumentException: Response body is incorrect. Can't extract a token from an empty stringat com.github.scribejava.core.utils.Preconditions.check(Preconditions.java:49)at com.github.scribejava.core.utils.Preconditions.checkEmptyString(Preconditions.java:31)at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:34)at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:17)at com.github.scribejava.core.oauth.OAuth20Service.sendAccessTokenRequestSync(OAuth20Service.java:157)at com.github.scribejava.core.oauth.OAuth20Service.getAccessTokenClientCredentialsGrant(OAuth20Service.java:418)

Because of that, I am wondering: Why should it be a problem if there is no response body when we receive a 401 response? Actually, according to the HTTP code it is clear that there won't be an OAuth token and there will be nothing that could be extracted from the response. Besides this, thegenerateError() method which would be called afterwards does also allow the variables errorUri, errorCode and errorDescription to be null when throwing theOAuth2AccessTokenErrorResponse exception.

Thus, I think that the check for an empty string might be too early und should be placed below the if-statement, isn't it?
Thanks!