From 0b07e1c7710e0f3512543260f8608583e3ec7818 Mon Sep 17 00:00:00 2001
From: Julien Stroheker <juliens@microsoft.com>
Date: Tue, 29 Aug 2023 08:07:56 -0400
Subject: [PATCH] update cache logic + UT

---
 apps/internal/base/internal/storage/storage.go      | 2 +-
 apps/internal/base/internal/storage/storage_test.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/internal/base/internal/storage/storage.go b/apps/internal/base/internal/storage/storage.go
index 2a5c24d9..11263822 100644
--- a/apps/internal/base/internal/storage/storage.go
+++ b/apps/internal/base/internal/storage/storage.go
@@ -261,7 +261,7 @@ func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, cli
 	// an issue, however if it does become a problem then we know where to look.
 	for _, at := range m.contract.AccessTokens {
 		if at.HomeAccountID == homeID && at.Realm == realm && at.ClientID == clientID {
-			if at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID || at.TokenType == "" {
+			if (at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
 				if checkAlias(at.Environment, envAliases) {
 					if isMatchingScopes(scopes, at.Scopes) {
 						return at
diff --git a/apps/internal/base/internal/storage/storage_test.go b/apps/internal/base/internal/storage/storage_test.go
index 41d85a91..320adafc 100644
--- a/apps/internal/base/internal/storage/storage_test.go
+++ b/apps/internal/base/internal/storage/storage_test.go
@@ -180,14 +180,14 @@ func TestReadAccessToken(t *testing.T) {
 	if diff := pretty.Compare(testAccessTokenWithoutTokenType, retAccessToken2); diff != "" {
 		t.Fatalf("Returned access token is not the same as expected access token: -want/+got:\n%s", diff)
 	}
-	// Test that we can find fallback to an empty token type in the cache when the token type is not provided
+	// Test that we can find fallback to an empty token type in the cache when the token type is Bearer (defaulted)
 	retAccessToken2 = storageManager.readAccessToken(
 		"hid2",
 		[]string{"hello", "env2", "test"},
 		"realm2",
 		"cid2",
 		[]string{"user.read", "openid"},
-		"tokenType",
+		"Bearer",
 		"",
 	)
 	if diff := pretty.Compare(testAccessTokenWithoutTokenType, retAccessToken2); diff != "" {