From d8a043a6c7072fbfa87bf332978ac93e6cc7faef Mon Sep 17 00:00:00 2001
From: Raif Atef <beliskner.github.3psil0N@neverbox.com>
Date: Sat, 12 Nov 2016 14:11:36 +0200
Subject: [PATCH] Make token_type check in validate_token_response
 case-insensitive (Fixes issue #15).

---
 includes/openid-connect-generic-client.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/openid-connect-generic-client.php b/includes/openid-connect-generic-client.php
index 6fbda04..4561c89 100644
--- a/includes/openid-connect-generic-client.php
+++ b/includes/openid-connect-generic-client.php
@@ -228,7 +228,7 @@ class OpenID_Connect_Generic_Client {
 		// we need to ensure 3 specific items exist with the token response in order
 		// to proceed with confidence:  id_token, access_token, and token_type == 'Bearer'
 		if ( ! isset( $token_response['id_token'] ) || ! isset( $token_response['access_token'] ) ||
-		     ! isset( $token_response['token_type'] ) || $token_response['token_type'] !== 'Bearer'
+		     ! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' )
 		) {
 			return new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response );
 		}