Use case-insensitive DPoP scheme check

sberyozkin · sberyozkin · commit d1456b15a2ff · 2025-05-27T15:46:24.000+01:00
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/BearerAuthenticationMechanism.java
@@ -60,7 +60,7 @@ private static void setCertificateThumbprint(RoutingContext context, OidcTenantC
     }
 
     private static void setDPopProof(RoutingContext context, OidcTenantConfig oidcTenantConfig, String token) {
-        if (OidcConstants.DPOP_SCHEME.equals(oidcTenantConfig.token().authorizationScheme())) {
+        if (OidcUtils.isDPoPScheme(oidcTenantConfig.token().authorizationScheme())) {
 
             List<String> proofs = context.request().headers().getAll(OidcConstants.DPOP_SCHEME);
             if (proofs == null || proofs.isEmpty()) {
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -916,4 +916,8 @@ public static String decryptToken(TenantConfigContext resolvedContext, String to
         }
         return token;
     }
+
+    public static boolean isDPoPScheme(String authorizationScheme) {
+        return OidcConstants.DPOP_SCHEME.equalsIgnoreCase(authorizationScheme);
+    }
 }
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -33,6 +33,15 @@
 
 public class OidcUtilsTest {
 
+    @Test
+    public void testDpopScheme() throws Exception {
+
+        assertTrue(OidcUtils.isDPoPScheme("DPoP"));
+        assertTrue(OidcUtils.isDPoPScheme("dpop"));
+        assertFalse(OidcUtils.isDPoPScheme("pop"));
+
+    }
+
     @Test
     public void testGetSingleSessionCookie() throws Exception {
 

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ private static void setCertificateThumbprint(RoutingContext context, OidcTenantC`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`private static void setDPopProof(RoutingContext context, OidcTenantConfig oidcTenantConfig, String token) {`
`63`		`- if (OidcConstants.DPOP_SCHEME.equals(oidcTenantConfig.token().authorizationScheme())) {`
	`63`	`+ if (OidcUtils.isDPoPScheme(oidcTenantConfig.token().authorizationScheme())) {`
`64`	`64`
`65`	`65`	`List<String> proofs = context.request().headers().getAll(OidcConstants.DPOP_SCHEME);`
`66`	`66`	`if (proofs == null \|\| proofs.isEmpty()) {`
Original file line number	Diff line number	Diff line change
`@@ -916,4 +916,8 @@ public static String decryptToken(TenantConfigContext resolvedContext, String to`
`916`	`916`	`}`
`917`	`917`	`return token;`
`918`	`918`	`}`
	`919`	`+`
	`920`	`+ public static boolean isDPoPScheme(String authorizationScheme) {`
	`921`	`+ return OidcConstants.DPOP_SCHEME.equalsIgnoreCase(authorizationScheme);`
	`922`	`+ }`
`919`	`923`	`}`