AuthN: Use EqualFold for skipping introspection endpoint (#69126)

Add equality check for introspect ep in basic.go

pkg/services/authn/clients/basic.go

@@ -44,7 +44,7 @@ func (c *Basic) Test(ctx context.Context, r *authn.Request) bool {
 		return false
 	}
 	// The OAuth2 introspection endpoint uses basic auth but is handled by the oauthserver package.
-	if strings.HasPrefix(r.HTTPRequest.RequestURI, "/oauth2/introspect") {
+	if strings.EqualFold(r.HTTPRequest.RequestURI, "/oauth2/introspect") {
 		return false
 	}
 	return looksLikeBasicAuthRequest(r)

pkg/services/authn/clients/basic_test.go

@@ -85,6 +85,12 @@ func TestBasic_Test(t *testing.T) {
 				HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {"something"}}},
 			},
 		},
+		{
+			desc: "should fail when the URL ends with /oauth2/introspect",
+			req: &authn.Request{
+				HTTPRequest: &http.Request{Header: map[string][]string{authorizationHeaderName: {encodeBasicAuth("user", "password")}}, RequestURI: "/oauth2/introspect"},
+			},
+		},
 	}
 
 	for _, tt := range tests {