From b72d6686489bdb1a7484e1ba697614137cd36b73 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Wed, 30 Aug 2023 11:16:51 +0200
Subject: [PATCH] fix(DPoP): compare htu scheme and hostname case independent

---
 lib/helpers/validate_dpop.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/helpers/validate_dpop.js b/lib/helpers/validate_dpop.js
index 9d010dad1..b19149bb3 100644
--- a/lib/helpers/validate_dpop.js
+++ b/lib/helpers/validate_dpop.js
@@ -71,7 +71,7 @@ export default async (ctx, accessToken) => {
     }
 
     {
-      const expected = ctx.oidc.urlFor(ctx.oidc.route);
+      const expected = new URL(ctx.oidc.urlFor(ctx.oidc.route)).href;
       let actual;
       try {
         actual = new URL(payload.htu);