From a1c9f4665707abdef864488de0d7a174cbe606f2 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Wed, 26 Oct 2016 11:42:36 -0400
Subject: [PATCH 1/2] example config: fix mispelling

The key is "jwk_set_url" not "jwk_set_uri".
---
 example_config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/example_config.yaml b/example_config.yaml
index caba92a..f276839 100644
--- a/example_config.yaml
+++ b/example_config.yaml
@@ -28,7 +28,7 @@ chihaya:
     config:
       issuer: https://issuer.com
       audience: https://chihaya.issuer.com
-      jwk_set_uri: https://issuer.com/keys
+      jwk_set_url: https://issuer.com/keys
       jwk_set_update_interval: 5m
   - name: client approval
     config:

From 5b9de47e7addb0feabc3299b5ffe10be5ef05d93 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Wed, 26 Oct 2016 13:58:28 -0400
Subject: [PATCH 2/2] middleware/jwt: assume KIDs in JWK Set

This also adds additional debug logging.
---
 middleware/jwt/jwt.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/middleware/jwt/jwt.go b/middleware/jwt/jwt.go
index 47b6eec..5674ceb 100644
--- a/middleware/jwt/jwt.go
+++ b/middleware/jwt/jwt.go
@@ -51,15 +51,17 @@ type hook struct {
 
 // NewHook returns an instance of the JWT middleware.
 func NewHook(cfg Config) (middleware.Hook, error) {
+	log.Debugf("creating new JWT middleware with config: %#v", cfg)
 	h := &hook{
 		cfg:        cfg,
 		publicKeys: map[string]crypto.PublicKey{},
 		closing:    make(chan struct{}),
 	}
 
+	log.Debug("performing initial fetch of JWKs")
 	err := h.updateKeys()
 	if err != nil {
-		return nil, errors.New("failed to update initial JWK Set: " + err.Error())
+		return nil, errors.New("failed to fetch initial JWK Set: " + err.Error())
 	}
 
 	go func() {
@@ -68,6 +70,7 @@ func NewHook(cfg Config) (middleware.Hook, error) {
 		case <-h.closing:
 			return
 		case <-time.After(cfg.JWKUpdateInterval):
+			log.Debug("performing fetch of JWKs")
 			h.updateKeys()
 		}
 	}
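Review bot: The added `log.Debugf("creating new JWT middleware with config: %#v", cfg)` at the top of NewHook writes every Config field to the log with `%#v`; the keys shown in the example config (issuer, audience, jwk_set_url, update interval) are not secrets, but any credential added to Config later would be logged verbatim whenever debug logging is enabled. Safer to name the non-sensitive fields explicitly (the issuer, audience and JWK Set URL, plus `cfg.JWKUpdateInterval`, which the hunk already references) instead of formatting the whole struct. NewHook's body, including the goroutine started by `go func() {`, continues past the end of the hunk.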
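Review bot: The new `log.Debug("performing fetch of JWKs")` announces a refresh whose outcome is then discarded, because the `h.updateKeys()` on the next line still drops its error; a periodic refresh that fails leaves the previous key set in place with nothing above debug level saying so (updateKeys logs the DecodePublicKey failure itself in a later hunk, but whether the HTTP fetch and JSON decode failures are logged is not visible here). Replace the call with `if err := h.updateKeys(); err != nil { log.Errorln("failed to refresh JWK Set: " + err.Error()) }` so that a stale key set is visible to operators. The for/select loop this sits in begins before the hunk.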
@@ -83,7 +86,7 @@ func (h *hook) updateKeys() error {
 		return err
 	}
 
-	parsedJWKs := map[string]gojwk.Key{}
+	var parsedJWKs gojwk.Key
 	err = json.NewDecoder(resp.Body).Decode(&parsedJWKs)
 	if err != nil {
 		resp.Body.Close()
@@ -93,20 +96,22 @@ func (h *hook) updateKeys() error {
 	resp.Body.Close()
 
 	keys := map[string]crypto.PublicKey{}
-	for kid, parsedJWK := range parsedJWKs {
+	for _, parsedJWK := range parsedJWKs.Keys {
 		publicKey, err := parsedJWK.DecodePublicKey()
 		if err != nil {
 			log.Errorln("failed to decode JWK into public key: " + err.Error())
 			return err
 		}
-		keys[kid] = publicKey
+		keys[parsedJWK.Kid] = publicKey
 	}
 
 	h.publicKeys = keys
+	log.Debug("successfully fetched JWK Set")
 	return nil
 }
 
 func (h *hook) Stop() <-chan error {
+	log.Debug("attempting to shutdown JWT middleware")
 	select {
 	case <-h.closing:
 		return stopper.AlreadyStopped
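Review bot: `keys[parsedJWK.Kid] = publicKey` now keys the map by the kid carried in each JWK, but nothing rejects a JWK with an empty `Kid` or a kid that repeats within the set; kid-less keys all collapse onto the `""` entry and duplicates silently overwrite earlier ones, so which key ends up selected for a given kid depends on the order of the set. Since the commit's premise is that every key carries a kid, make that assumption explicit before the assignment: `if parsedJWK.Kid == "" { return errors.New("JWK Set contains a key without kid") }` and `if _, dup := keys[parsedJWK.Kid]; dup { return errors.New("JWK Set contains duplicate kid: " + parsedJWK.Kid) }`. Separately, a response that decodes to an empty `Keys` slice replaces `h.publicKeys` with an empty map and still logs `successfully fetched JWK Set`; whether that is intended (fail closed) or should keep the previous set deserves a comment on the `h.publicKeys = keys` line. updateKeys begins before the hunk, and `Stop` continues after it.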