fix: check DPoP htm as case-sensitive

panva · Dec 15, 2020 · 33223ff · 33223ff
1 parent e3efd56
commit 33223ff
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/lib/helpers/oidc_context.js b/lib/helpers/oidc_context.js
@@ -135,8 +135,7 @@ module.exports = function getContext(provider) {
           throw new Error('must have a jti string property');
         }
 
-        // HTTP Methods are case-insensitive
-        if (String(payload.htm).toLowerCase() !== this.ctx.method.toLowerCase()) {
+        if (payload.htm !== this.ctx.method) {
           throw new Error('htm mismatch');
         }