Fix ADFS token caching

AzureAD · Oct 24, 2023 · 22d8300 · 22d8300
1 parent af6aed9
commit 22d8300
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/apps/confidential/confidential_test.go b/apps/confidential/confidential_test.go
@@ -384,7 +384,7 @@ func TestADFSTokenCaching(t *testing.T) {
 		AccessToken: accesstokens.TokenResponse{
 			AccessToken:   "at1",
 			RefreshToken:  "rt",
-			TokenType:     "Bearer",
+			TokenType:     "bearer",
 			ExpiresOn:     internalTime.DurationTime{T: time.Now().Add(time.Hour)},
 			ExtExpiresOn:  internalTime.DurationTime{T: time.Now().Add(time.Hour)},
 			GrantedScopes: accesstokens.Scopes{Slice: tokenScope},
@@ -415,7 +415,7 @@ func TestADFSTokenCaching(t *testing.T) {
 
 	// simulate authenticating a different user
 	fakeAT.AccessToken.AccessToken = "at2"
-	fakeAT.AccessToken.TokenType = "Bearer"
+	fakeAT.AccessToken.TokenType = "bearer"
 	fakeAT.AccessToken.IDToken.Name = "B"
 	fakeAT.AccessToken.IDToken.PreferredUsername = "B"
 	fakeAT.AccessToken.IDToken.Subject = "B"

diff --git a/apps/internal/base/internal/storage/storage.go b/apps/internal/base/internal/storage/storage.go
@@ -293,7 +293,7 @@ func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, cli
 	// an issue, however if it does become a problem then we know where to look.
 	for k, at := range m.contract.AccessTokens {
 		if at.HomeAccountID == homeID && at.Realm == realm && at.ClientID == clientID {
-			if (at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
+			if (strings.EqualFold(at.TokenType, tokenType) && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
 				if checkAlias(at.Environment, envAliases) && isMatchingScopes(scopes, at.Scopes) {
 					m.contractMu.RUnlock()
 					if needsUpgrade(k) {