From 45ea899de8aa6b15b60409285a1bb744ef2b1c55 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Wed, 12 Apr 2017 16:00:23 -0400
Subject: [PATCH] made user codes case insensitive
---
 .../oauth2/service/impl/DefaultDeviceCodeService.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java
index fcdc12527..2dc8c2361 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java
@@ -57,8 +57,8 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
 // create a device code, should be big and random
 String deviceCode = UUID.randomUUID().toString();
- // create a user code, should be random but small and typable
- String userCode = randomGenerator.generate();
+ // create a user code, should be random but small and typable, and always uppercase (lookup is case insensitive)
+ String userCode = randomGenerator.generate().toUpperCase();
 DeviceCode dc = new DeviceCode(deviceCode, userCode, requestedScopes, client.getClientId(), parameters);
@@ -76,7 +76,8 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
 */
 @Override
 public DeviceCode lookUpByUserCode(String userCode) {
- return repository.getByUserCode(userCode);
+ // always up-case the code for lookup
+ return repository.getByUserCode(userCode.toUpperCase());
 }
 /* (non-Javadoc)
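Review bot: `randomGenerator.generate().toUpperCase()` folds case with the JVM's default locale, so on a host running a Turkish locale a lowercase `i` becomes `İ` instead of `I`, and a code typed as `I` would no longer match; the same call is added in `lookUpByUserCode` in the second hunk. Both should pin the locale, `randomGenerator.generate().toUpperCase(Locale.ROOT)` and `userCode.toUpperCase(Locale.ROOT)`, which needs a `java.util.Locale` import that lies outside the visible lines. Folding also shrinks the user-code space if the generator's alphabet is mixed-case (its configuration is not shown here), so the code length and the attempt limiting on the verification step are worth re-checking against the smaller alphabet. The enclosing method starts and ends outside the hunk.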
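Review bot: `userCode.toUpperCase()` dereferences the argument before the repository sees it, so a null `userCode` now throws a NullPointerException in `lookUpByUserCode`, where the old code passed it straight through to `repository.getByUserCode`. The caller is not visible in this diff, but if it can forward a missing request parameter, guard the call with `if (userCode == null) { return null; }` (assuming null is what the repository returns for an unknown code) or state the non-null precondition in the Javadoc above the method. The value is presumably typed by the end user, so this is the reachable path for malformed input and should fail as a clean "unknown code" result rather than as an exception.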