OAuth: Proper normalization of explicit mixed case role names (Preview)¶
Attention
This behavior change is in the 2026_01 bundle.
For the current status of the bundle, refer to Bundle history.
OAuth role name handling is changing to properly normalize role names that are explicitly specified using double quotation characters:
- Before the change:
Role names that use a combination of uppercase and lowercase characters enclosed by double quotes to preserve these cases, such as
RoLe_NaMe, are capitalized during OAuth client checks. This behavior is unexpected.- After the change:
Role names that use a combination of uppercase and lowercase characters enclosed by double quotes to preserve these cases, such as
RoLe_NaMe, pass OAuth checks without capitalization. The new behavior preserves role names that intentionally use characters with mixed case.
This behavior change corrects the unexpected behavior.
This behavior change is only relevant when a role name is explicitly passed during an OAuth workflow.
The following table lists examples of current and post-change behavior. Row 2 shows the changed behavior.
Specified role name |
Current Behavior |
Post-change behavior |
|---|---|---|
Role1 |
ROLE1 |
ROLE1 |
“RoLe1” |
ROLE1 |
RoLe1 |
roLe1 |
ROLE1 |
ROLE1 |
role1 |
ROLE1 |
ROLE1 |
Ref: 2192