diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
index 8d922da2..a2bfa264 100644
--- a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
@@ -1546,7 +1546,7 @@ private boolean handleTokenRefreshResponse(
 String username = determineStringField(userNameFieldExpr, parsedIdToken, userInfo);
- if (!expectedUsername.equals(username)) {
+ if (!User.idStrategy().equals(expectedUsername, username)) {
 httpResponse.sendError(
 HttpServletResponse.SC_UNAUTHORIZED, "User name was not the same after refresh request");
 return false;
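Review bot: The new comparison `User.idStrategy().equals(expectedUsername, username)` is no longer null-safe for `username`: the old `expectedUsername.equals(username)` returned false for a null value and fell into the 401 branch, whereas Jenkins' `IdStrategy.equals(String, String)` expects non-null ids and will likely throw if `determineStringField` yields null (its body is not visible here, so confirm whether it can). Guard it explicitly so a refresh response that lacks the username claim is still rejected cleanly: `if (username == null || !User.idStrategy().equals(expectedUsername, username)) {`. Because this check is what prevents a refreshed token from switching identity, a short comment such as `// compare with the realm's IdStrategy so the check matches how Jenkins resolves user ids` would help the next reader. handleTokenRefreshResponse starts and continues outside the hunk.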