From 35a7a72071c4e712c536dd5d9c634146429d33ee Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 22 Apr 2024 12:23:20 +0300
Subject: Resolve the key using the "kid" field.

---
 gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py b/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
index cc4a12f..85c8d2e 100644
--- a/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
+++ b/gn_auth/auth/authentication/oauth2/grants/jwt_bearer_grant.py
@@ -49,7 +49,7 @@ class JWTBearerGrant(_JWTBearerGrant):
 
     def resolve_client_key(self, client, headers, payload):
         """Resolve client key to decode assertion data."""
-        return app.config["JWT_PUBLIC_KEY"]
+        return app.config["SSL_PUBLIC_KEYS"].get(headers["kid"])
 
 
     def authenticate_user(self, subject):
-- 
cgit v1.2.3