Re-populate public key if JWT fails to parse (#6786)

This is done such that if WSO2 was re-configured with new TLS certs, and newer tokens are signed with a newer public key. Once populated parse the JWT again
2025-02-03 09:55:59 -05:00 · 2018-11-08 17:01:20 -08:00 · 2018-11-08 17:01:20 -08:00 · a40610d331
commit a40610d331
parent 38978eb2aa
1 changed files with 7 additions and 1 deletions
--- a/pkg/iam/validator/jwt.go
+++ b/pkg/iam/validator/jwt.go
@ -185,7 +185,13 @@ func (p *JWT) Validate(token, dsecs string) (map[string]interface{}, error) {
 	var claims jwtgo.MapClaims
 	jwtToken, err := jwtgo.ParseWithClaims(token, &claims, keyFuncCallback)
 	if err != nil {
-		return nil, err
+		if err = p.args.PopulatePublicKey(); err != nil {
+			return nil, err
+		}
+		jwtToken, err = jwtgo.ParseWithClaims(token, &claims, keyFuncCallback)
+		if err != nil {
+			return nil, err
+		}
 	}

 	if !jwtToken.Valid {