From 85686aac743d79d3feda8ca445544fbc5bfeb2ff Mon Sep 17 00:00:00 2001
From: Austin Gebauer <agebauer@hashicorp.com>
Date: Thu, 17 Mar 2022 00:37:06 +0000
Subject: [PATCH] backport of commit d16505f2073fbc5ad2854814b280287b8f08e3f6

---
 vault/identity_store_oidc.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/vault/identity_store_oidc.go b/vault/identity_store_oidc.go
index 8101ed59decd..02f9ca0d359c 100644
--- a/vault/identity_store_oidc.go
+++ b/vault/identity_store_oidc.go
@@ -1656,10 +1656,6 @@ func (i *IdentityStore) generatePublicJWKS(ctx context.Context, s logical.Storag
 		return nil, err
 	}
 
-	jwks := &jose.JSONWebKeySet{
-		Keys: make([]jose.JSONWebKey, 0),
-	}
-
 	// only return keys that are associated with a role
 	roleNames, err := s.List(ctx, roleConfigPath)
 	if err != nil {
@@ -1687,6 +1683,10 @@ func (i *IdentityStore) generatePublicJWKS(ctx context.Context, s logical.Storag
 		}
 	}
 
+	jwks := &jose.JSONWebKeySet{
+		Keys: make([]jose.JSONWebKey, 0, len(keyIDs)),
+	}
+
 	// load the JSON web key for each key ID
 	for keyID := range keyIDs {
 		key, err := loadOIDCPublicKey(ctx, s, keyID)