From 241be9709c9417aafed51dd558cc203c940932b7 Mon Sep 17 00:00:00 2001
From: jiuker <2818723467@qq.com>
Date: Fri, 6 Sep 2024 10:46:36 +0800
Subject: [PATCH] fix: jwt error overrwriten by nil public key (#20387)

---
 internal/config/identity/openid/jwt.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/config/identity/openid/jwt.go b/internal/config/identity/openid/jwt.go
index 89acb814b..0be788d8c 100644
--- a/internal/config/identity/openid/jwt.go
+++ b/internal/config/identity/openid/jwt.go
@@ -148,7 +148,11 @@ func (r *Config) Validate(ctx context.Context, arn arn.ARN, token, accessToken,
 		if !ok {
 			return nil, fmt.Errorf("Invalid kid value %v", jwtToken.Header["kid"])
 		}
-		return r.pubKeys.get(kid), nil
+		pubkey := r.pubKeys.get(kid)
+		if pubkey == nil {
+			return nil, fmt.Errorf("No public key found for kid %s", kid)
+		}
+		return pubkey, nil
 	}
 
 	pCfg, ok := r.arnProviderCfgsMap[arn]