Compare username based on ID strategy on token refresh

jenkinsci · Sep 10, 2024 · a5a97f8 · a5a97f8
1 parent d925bf7
commit a5a97f8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
@@ -1516,7 +1516,7 @@ private boolean handleTokenRefreshResponse(
 
         String username = determineStringField(userNameFieldExpr, parsedIdToken, userInfo);
 
-        if (!expectedUsername.equals(username)) {
+        if (!User.idStrategy().equals(expectedUsername, username)) {
             httpResponse.sendError(
                     HttpServletResponse.SC_UNAUTHORIZED, "User name was not the same after refresh request");
             return false;