lower case bearer (#252)
diff --git a/scripts/lua/policies/security/oauth2.lua b/scripts/lua/policies/security/oauth2.lua
index f54e719..21a8e81 100644
--- a/scripts/lua/policies/security/oauth2.lua
+++ b/scripts/lua/policies/security/oauth2.lua
@@ -39,7 +39,8 @@
request.err(401, "No Authorization header provided")
return nil
end
- accessToken = string.gsub(accessToken, '^Bearer%s', '')
+
+ accessToken = string.gsub(accessToken, '^[B|b][E|e][A|a][R|r][E|e][R|r]%s', '')
local token = exchange(dataStore, accessToken, securityObj.provider, securityObj)
if token == nil then