praseodym
diff --git a/‎openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java‎
Lines changed: 1 addition & 1 deletion b/‎openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java‎
Lines changed: 1 addition & 1 deletion
@@ -213,7 +213,7 @@ public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, Auth
 
 // make sure that the client requesting the token is the one who owns the refresh token
 ClientDetailsEntity requestingClient = clientDetailsService.loadClientByClientId(authRequest.getClientId());
-if (requestingClient.getClientId() != client.getClientId()) {
+if (!client.getClientId().equals(requestingClient.getClientId())) {
 tokenRepository.removeRefreshToken(refreshToken);
 throw new InvalidClientException("Client does not own the presented refresh token");
 }
Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,7 @@ public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, Auth`
`213`	`213`
`214`	`214`	`// make sure that the client requesting the token is the one who owns the refresh token`
`215`	`215`	`ClientDetailsEntity requestingClient = clientDetailsService.loadClientByClientId(authRequest.getClientId());`
`216`		`-if (requestingClient.getClientId() != client.getClientId()) {`
	`216`	`+if (!client.getClientId().equals(requestingClient.getClientId())) {`
`217`	`217`	`tokenRepository.removeRefreshToken(refreshToken);`
`218`	`218`	`throw new InvalidClientException("Client does not own the presented refresh token");`
`219`	`219`	`}`