From ffadbf1830caffcf804c97499b6611ec8eff835d Mon Sep 17 00:00:00 2001
From: Ichinose Shogo <shogo82148@gmail.com>
Date: Fri, 1 Apr 2022 14:39:55 +0900
Subject: [PATCH] ignore public keys that have unknown kyt

---
 provider/assume-role/github/jwk/jwks.go  | 7 +++----
 provider/assume-role/github/oidc/jwks.go | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/provider/assume-role/github/jwk/jwks.go b/provider/assume-role/github/jwk/jwks.go
index 50a32f9..c7fe7aa 100644
--- a/provider/assume-role/github/jwk/jwks.go
+++ b/provider/assume-role/github/jwk/jwks.go
@@ -16,11 +16,10 @@ func ParseSet(data []byte) (*Set, error) {
 
 	list := make([]Key, 0, len(keys.Keys))
 	for _, raw := range keys.Keys {
-		key, err := ParseKey(raw)
-		if err != nil {
-			return nil, err
+		if key, err := ParseKey(raw); err == nil {
+			list = append(list, key)
+			// Ignore keys that cannot be parsed.
 		}
-		list = append(list, key)
 	}
 	return &Set{
 		Keys: list,
diff --git a/provider/assume-role/github/oidc/jwks.go b/provider/assume-role/github/oidc/jwks.go
index 9ee145d..25e94fa 100644
--- a/provider/assume-role/github/oidc/jwks.go
+++ b/provider/assume-role/github/oidc/jwks.go
@@ -49,7 +49,7 @@ func (c *Client) GetJWKS(ctx context.Context, url string) (*jwk.Set, error) {
 
 		set, err := jwk.ParseSet(data)
 		if err != nil {
-
+			return nil, time.Time{}, err
 		}
 		return set, expiresAt, nil
 	})