Normalize input before comparing #55
Description
STATIC int verify_user(jwt_t * jwt, const char *username)
{
const char *upn = jwt_get_grant(jwt, "upn");
return (strcmp(upn, username) == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}We are accepting input from two sources without normalizing either. I.E. if John Doe was in AAD as Jdoe@example.com he would have to auth via a service with Jdoe instead of being able to use jdoe. The strcmp will fail every time due to this even though the user exists and is valid. Will push a PR to fix.