fix: client keystore refresh keeps the derived octet keys in store

fixes #816
panva · Nov 10, 2020 · 024841e · 024841e
1 parent dbaf2d7
commit 024841e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/lib/models/client.js b/lib/models/client.js
@@ -171,6 +171,9 @@ const clientKeyStoreAdditions = {
             });
 
           for (const key of this) { // eslint-disable-line no-restricted-syntax
+            if (key.kty === 'oct') {
+              continue; // eslint-disable-line no-continue
+            }
             if (!keyIds.includes(key.kid)) {
               this.remove(key);
             }

diff --git a/test/configuration/client_keystore.test.js b/test/configuration/client_keystore.test.js
@@ -246,6 +246,18 @@ describe('client keystore refresh', () => {
   });
 
   describe('refreshing', () => {
+    it('keeps the derived keys in keystore', async function () {
+      const client = await this.provider.Client.find('client');
+      expect(client.keystore.get({ alg: 'HS256' })).to.be.ok;
+      setResponse();
+      sinon.stub(client.keystore, 'fresh').callsFake(function () {
+        this.fresh.restore();
+        return false;
+      });
+      await client.keystore.refresh();
+      expect(client.keystore.get({ alg: 'HS256' })).to.be.ok;
+    });
+
     it('when a stale keystore is passed to JWT verification it gets refreshed when verification fails', async function () {
       setResponse();