From a40610d3318f1978008387322ee9ca46853bdced Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Thu, 8 Nov 2018 17:01:20 -0800
Subject: [PATCH] Re-populate public key if JWT fails to parse (#6786)

This is done such that if WSO2 was re-configured with new TLS certs, and newer tokens are signed with a newer public key. Once populated parse the JWT again
---
 pkg/iam/validator/jwt.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/iam/validator/jwt.go b/pkg/iam/validator/jwt.go
index 1d0001467..acd5b0d81 100644
--- a/pkg/iam/validator/jwt.go
+++ b/pkg/iam/validator/jwt.go
@@ -185,7 +185,13 @@ func (p *JWT) Validate(token, dsecs string) (map[string]interface{}, error) {
 var claims jwtgo.MapClaims
 jwtToken, err := jwtgo.ParseWithClaims(token, &claims, keyFuncCallback)
 if err != nil {
- return nil, err
+ if err = p.args.PopulatePublicKey(); err != nil {
+ return nil, err
+ }
+ jwtToken, err = jwtgo.ParseWithClaims(token, &claims, keyFuncCallback)
+ if err != nil {
+ return nil, err
+ }
 }
 if !jwtToken.Valid {
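Review bot: The new `if err != nil` branch calls `p.args.PopulatePublicKey()` for every parse failure, so malformed, expired, or otherwise invalid tokens from unauthenticated callers each trigger a key refresh, not only tokens signed with a rotated key. If `PopulatePublicKey` fetches from the identity provider (not visible in this hunk), that adds latency and load per bad request. The refresh should be limited to failures where the key could be the cause, by checking the `jwtgo.ValidationError` bits for signature or unverifiable errors, and ideally rate-limited. The hunk also shows no locking around the key that `keyFuncCallback` reads while `PopulatePublicKey` rewrites it, so confirm that concurrent `Validate` calls are safe. `Validate` starts before and continues after this hunk.

```go
jwtToken, err := jwtgo.ParseWithClaims(token, &claims, keyFuncCallback)
if err != nil {
	// Only a signature/key failure can be fixed by reloading the public key;
	// malformed or expired tokens are rejected without a refresh.
	verr, ok := err.(*jwtgo.ValidationError)
	keyRelated := jwtgo.ValidationErrorSignatureInvalid | jwtgo.ValidationErrorUnverifiable
	if !ok || verr.Errors&keyRelated == 0 {
		return nil, err
	}
	// … unchanged: PopulatePublicKey and second ParseWithClaims …
}
```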