From 49a816f7d0e93f63ec7f25db21857bbdc4bfe046 Mon Sep 17 00:00:00 2001
From: Prasanna Dangalla
Date: Tue, 15 Mar 2022 15:09:33 +0530
Subject: [PATCH] Fixing case sensitive scope validation issue..
---
 .../oauth2/validators/JDBCScopeValidator.java | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/JDBCScopeValidator.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/JDBCScopeValidator.java
index efb0d3494f0..efa470fd643 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/JDBCScopeValidator.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/JDBCScopeValidator.java
@@ -397,8 +397,27 @@ private boolean isUserAuthorizedForScope(String scopeName, String[] userRoles, i
 return false;
 }
+
+ boolean preservedCaseSensitive = Boolean.parseBoolean(System.getProperty("preservedCaseSensitive"));
+
 //Check if the user still has a valid role for this scope.
 Set scopeRoles = new HashSet<>(rolesOfScope);
+ if (!preservedCaseSensitive) {
+ rolesOfScope.retainAll(Arrays.asList(userRoles));
+ } else {
+
+ for (String roleOfScope : rolesOfScope) {
+ rolesOfScope.remove(roleOfScope);
+ rolesOfScope.add(roleOfScope.toLowerCase());
+ }
+
+ ArrayList userRolesLowercase = new ArrayList<>();
+ for (String userRole : userRoles) {
+ userRolesLowercase.add(userRole.toLowerCase());
+ }
+ rolesOfScope.retainAll(userRolesLowercase);
+ }
+
 rolesOfScope.retainAll(Arrays.asList(userRoles));
 if (rolesOfScope.isEmpty()) {
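Review bot: The unconditional `rolesOfScope.retainAll(Arrays.asList(userRoles));` left in place after the new if/else re-intersects the lower-cased set with the original-case user roles, so in the `else` branch any role containing an upper-case character is dropped again and the case-insensitive match has no effect. The for-each loop in that branch also removes from and adds to `rolesOfScope` while iterating it, which can throw ConcurrentModificationException on the standard java.util collections (the collection's declared type is outside the hunk). Because this comparison decides whether a scope is granted, the lower-casing should use `Locale.ROOT` so the outcome does not depend on the JVM default locale. The fence below filters in place and drops the trailing call; it keeps matched entries in their original case, which needs checking against the uses of `rolesOfScope` after the hunk, since the method body continues outside it.

```java
// … unchanged: preservedCaseSensitive lookup, scopeRoles copy …
if (!preservedCaseSensitive) {
    rolesOfScope.retainAll(Arrays.asList(userRoles));
} else {
    Set<String> userRolesLowercase = new HashSet<>();
    for (String userRole : userRoles) {
        userRolesLowercase.add(userRole.toLowerCase(Locale.ROOT));
    }
    // Filter in place: no remove/add on the collection while it is being iterated.
    rolesOfScope.removeIf(role -> !userRolesLowercase.contains(role.toLowerCase(Locale.ROOT)));
}
// the second, unconditional rolesOfScope.retainAll(Arrays.asList(userRoles)) is removed
```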