[Bug]: null pointer exception in GetTokenIDAndSubjectFromToken

### Preflight Checklist

- [x] I could not find a solution in the documentation, the existing issues or discussions
- [x] I have joined the [ZITADEL chat](https://zitadel.com/chat)

### Version

3.34.1 and master branch

### Describe the problem caused by this bug

In `pkg/op/exchange_token.go`:
From [L309-313](https://github.com/zitadel/oidc/blob/8c9a5360587d988691f7b27ed1c2fb9d5e49fc00/pkg/op/token_exchange.go#L309-L313):
```
tokenIDOrToken, subject, accessTokenClaims, ok = getTokenIDAndClaims(ctx, exchanger, token)
		if !ok {
			break
		}
		claims = accessTokenClaims.Claims
```

And the `getTokenIDAndClaims` function has a return case at  [L424](https://github.com/zitadel/oidc/blob/8c9a5360587d988691f7b27ed1c2fb9d5e49fc00/pkg/op/token_exchange.go#L424):
```
return splitToken[0], splitToken[1], nil, true
```

When this codepath is hit, ok is true, then the `accessTokenClaims` is a nil point, which is accessed.

Second bug: this usecase is not covered by unit tests.



### To reproduce

Try to do a token exchange which is hitting this codepath (user initiates a client credential grant flow, then tries to exchange the token to have the audience match the resource provider it is trying to access).


### Screenshots

_No response_

### Expected behavior

The token exchange working properly.


### Additional Context

Discord gladly has thrown some errors which thankfully made me unable to join.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: null pointer exception in GetTokenIDAndSubjectFromToken #704

Preflight Checklist

Version

Describe the problem caused by this bug

To reproduce

Screenshots

Expected behavior

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development