Normalizing subdomain when checking JWTs; similar to room.

resources/prosody-plugins/token/util.lib.lua

@@ -379,7 +379,7 @@ function Util:verify_room(session, room_address)
         end
 
         return room_address_to_verify == jid.join(
-            "["..subdomain_to_check.."]"..string.lower(room_to_check), self.muc_domain);
+            "["..string.lower(subdomain_to_check).."]"..string.lower(room_to_check), self.muc_domain);
     else
         if auth_domain == '*' then
             -- check for wildcard in JWT claim, allow access if found
@@ -391,7 +391,7 @@ function Util:verify_room(session, room_address)
         -- we do not have a domain part (multidomain is not enabled)
         -- verify with info from the token
         return room_address_to_verify == jid.join(
-            string.lower(room_to_check), subdomain_to_check);
+            string.lower(room_to_check), string.lower(subdomain_to_check));
     end
 end