update

Author: guFalcon

pom.xml

@@ -10,7 +10,7 @@
 
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>oauth-token-manager</artifactId>
-	<version>1.0.5</version>
+	<version>1.0.6</version>
 	<name>OauthTokenManager</name>
 	<packaging>jar</packaging>
 

src/main/java/info/unterrainer/oauthtokenmanager/OauthTokenManager.java

@@ -116,6 +116,9 @@ private TokenVerifier<AccessToken> persistUserInfoInContext(String authorization
 		if (authorizationHeader == null || authorizationHeader.isBlank())
 			return null;
 
+		if (authorizationHeader.toLowerCase().startsWith("bearer "))
+			authorizationHeader = authorizationHeader.substring(7);
+
 		try {
 			TokenVerifier<AccessToken> tokenVerifier = TokenVerifier.create(authorizationHeader, AccessToken.class);
 			RemoteOauthToken remoteAccessToken = RemoteOauthToken.builder()
@@ -127,8 +130,8 @@ private TokenVerifier<AccessToken> persistUserInfoInContext(String authorization
 			}
 			// Disabled to enable getting token from side-channels like 'localhost'.
 			/*
-			 * if (!token.getIssuer().equalsIgnoreCase(authUrl)) {
-			 * setTokenRejectionReason(ctx, "Token has wrong real-url."); return null; }
+			 * if (!remoteAccessToken.getIssuer().equalsIgnoreCase(authUrl)) {
+			 * log.warn("Token has wrong real-url."); return null; }
 			 */
 			return tokenVerifier;