Merge pull request #394 from eva-mueller-coremedia/patch-1

Compare username based on ID strategy on token refresh
jenkinsci · Sep 18, 2024 · db7d59e · db7d59e
2 parents 4228c6f + a5a97f8
commit db7d59e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
@@ -1546,7 +1546,7 @@ private boolean handleTokenRefreshResponse(
 
         String username = determineStringField(userNameFieldExpr, parsedIdToken, userInfo);
 
-        if (!expectedUsername.equals(username)) {
+        if (!User.idStrategy().equals(expectedUsername, username)) {
             httpResponse.sendError(
                     HttpServletResponse.SC_UNAUTHORIZED, "User name was not the same after refresh request");
             return false;