fix: Accept lowercase Authorization tokens.

src/authentication/BearerWebIdExtractor.ts

@@ -19,7 +19,7 @@ export class BearerWebIdExtractor extends CredentialsExtractor {
 
   public async canHandle({ headers }: HttpRequest): Promise<void> {
     const { authorization } = headers;
-    if (!authorization || !authorization.startsWith('Bearer ')) {
+    if (!authorization || !/^Bearer /ui.test(authorization)) {
       throw new NotImplementedHttpError('No Bearer Authorization header specified.');
     }
   }

src/authentication/DPoPWebIdExtractor.ts

@@ -27,7 +27,7 @@ export class DPoPWebIdExtractor extends CredentialsExtractor {
 
   public async canHandle({ headers }: HttpRequest): Promise<void> {
     const { authorization } = headers;
-    if (!authorization || !authorization.startsWith('DPoP ')) {
+    if (!authorization || !/^DPoP /ui.test(authorization)) {
       throw new NotImplementedHttpError('No DPoP-bound Authorization header specified.');
     }
   }

src/authentication/UnsecureWebIdExtractor.ts

@@ -13,13 +13,13 @@ export class UnsecureWebIdExtractor extends CredentialsExtractor {
 
   public async canHandle({ headers }: HttpRequest): Promise<void> {
     const { authorization } = headers;
-    if (!authorization || !authorization.startsWith('WebID ')) {
+    if (!authorization || !/^WebID /ui.test(authorization)) {
       throw new NotImplementedHttpError('No WebID Authorization header specified.');
     }
   }
 
   public async handle({ headers }: HttpRequest): Promise<CredentialSet> {
-    const webId = /^WebID\s+(.*)/u.exec(headers.authorization!)![1];
+    const webId = /^WebID\s+(.*)/ui.exec(headers.authorization!)![1];
     this.logger.info(`Agent unsecurely claims to be ${webId}`);
     return { [CredentialGroup.agent]: { webId }};
   }