From 8bf7998150653cd4bf5b6589bc67c5cdf02aedce Mon Sep 17 00:00:00 2001
From: Dominik Chilla <43314918+chillout2k@users.noreply.github.com>
Date: Fri, 2 Jan 2026 17:42:22 +0100
Subject: [PATCH] Fix for Hashicorp Vault - accept opaque access tokens with dot-characters (#113)
---
 session.go | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/session.go b/session.go
index 434a27f..df4301d 100644
--- a/session.go
+++ b/session.go
@@ -1820,23 +1820,12 @@ func (sd *SessionData) SetAccessToken(token string) {
 defer sd.sessionMutex.Unlock()
 if token != "" {
- dotCount := strings.Count(token, ".")
- // Reject tokens with exactly 1 dot (invalid format - neither JWT nor opaque)
- if dotCount == 1 {
- if sd.manager != nil && sd.manager.logger != nil {
- sd.manager.logger.Debug("Invalid token format during storage (dots: %d) - rejecting", dotCount)
- }
- return
- }
- // For opaque tokens (no dots), ensure minimum length for security
- if dotCount == 0 && len(token) < 20 {
+ if len(token) < 20 {
 if sd.manager != nil && sd.manager.logger != nil {
 sd.manager.logger.Debug("Token too short for opaque token (length: %d) - rejecting", len(token))
 }
 return
 }
- // Tokens with 2 dots are JWTs, tokens with 0 dots are opaque
- // Both are valid formats
 }
 currentAccessToken := sd.getAccessTokenUnsafe()
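Review bot: The surviving `len(token) < 20` guard in SetAccessToken now applies to every non-empty token, but its debug message still says "Token too short for opaque token" and the comments that explained the accepted formats are gone, so a later reader cannot tell that dotted opaque tokens are accepted on purpose. I would add a comment above the guard such as `// Length-only sanity check: opaque tokens (e.g. Vault) may contain dots, so dot count must not be used to classify or reject tokens here.` and shorten the message to `"Token too short (length: %d) - rejecting"`. Since this setter no longer checks token shape at all, it is worth confirming that whatever verifies the token before it is stored (signature validation or introspection, not visible in this hunk) does not itself fall back to counting dots to choose between JWT and opaque handling. If the removed `strings.Count` call was the only use of `strings` in session.go, the import has to go as well; the function body continues past the end of the hunk.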