From b6b8b6258ec4f025d96d28f927f6ebb7b1d0de3e Mon Sep 17 00:00:00 2001
From: Charles Lowell <10964656+chlowell@users.noreply.github.com>
Date: Fri, 6 Oct 2023 23:01:14 +0000
Subject: [PATCH] Fix ADFS token caching
---
 apps/confidential/confidential_test.go | 4 ++--
 apps/internal/base/internal/storage/storage.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/apps/confidential/confidential_test.go b/apps/confidential/confidential_test.go
index dce35ab8..28bad83e 100644
--- a/apps/confidential/confidential_test.go
+++ b/apps/confidential/confidential_test.go
@@ -384,7 +384,7 @@ func TestADFSTokenCaching(t *testing.T) {
 AccessToken: accesstokens.TokenResponse{
 AccessToken: "at1",
 RefreshToken: "rt",
- TokenType: "Bearer",
+ TokenType: "bearer",
 ExpiresOn: internalTime.DurationTime{T: time.Now().Add(time.Hour)},
 ExtExpiresOn: internalTime.DurationTime{T: time.Now().Add(time.Hour)},
 GrantedScopes: accesstokens.Scopes{Slice: tokenScope},
@@ -415,7 +415,7 @@ func TestADFSTokenCaching(t *testing.T) {
 // simulate authenticating a different user
 fakeAT.AccessToken.AccessToken = "at2"
- fakeAT.AccessToken.TokenType = "Bearer"
+ fakeAT.AccessToken.TokenType = "bearer"
 fakeAT.AccessToken.IDToken.Name = "B"
 fakeAT.AccessToken.IDToken.PreferredUsername = "B"
 fakeAT.AccessToken.IDToken.Subject = "B"
diff --git a/apps/internal/base/internal/storage/storage.go b/apps/internal/base/internal/storage/storage.go
index ed82397f..2221e60c 100644
--- a/apps/internal/base/internal/storage/storage.go
+++ b/apps/internal/base/internal/storage/storage.go
@@ -293,7 +293,7 @@ func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, cli
 // an issue, however if it does become a problem then we know where to look.
 for k, at := range m.contract.AccessTokens {
 if at.HomeAccountID == homeID && at.Realm == realm && at.ClientID == clientID {
- if (at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
+ if (strings.EqualFold(at.TokenType, tokenType) && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
 if checkAlias(at.Environment, envAliases) && isMatchingScopes(scopes, at.Scopes) {
 m.contractMu.RUnlock()
 if needsUpgrade(k) {
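Review bot: The fallback disjunct on the `+` line still compares `tokenType == "Bearer"` case-sensitively, so a cached entry with an empty TokenType matches a lookup for "Bearer" but not for "bearer", the exact spelling the commit's tests now send; only the first disjunct was made case-insensitive. RFC 6749 §5.1 defines token_type as case-insensitive, so the same treatment belongs here: `(at.TokenType == "" && (tokenType == "" || strings.EqualFold(tokenType, "Bearer")))`. The `strings` import is not visible in this hunk, so presumably it already exists in storage.go or is added outside the shown lines. readAccessToken begins and ends outside the hunk.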