From f577d10a0a0a3985bc7212ca06067028bb2a96ce Mon Sep 17 00:00:00 2001
From: Leopoldo Brines <leopoldo.brines@mercadolibre.com>
Date: Thu, 19 Nov 2020 19:21:14 -0300
Subject: [PATCH] Add support for non-pointer JSONWebKeySet

---
 jwt/jwt.go      | 10 ++++++++--
 jwt/jwt_test.go | 17 ++++++++++++-----
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/jwt/jwt.go b/jwt/jwt.go
index aa13d4f0..47498840 100644
--- a/jwt/jwt.go
+++ b/jwt/jwt.go
@@ -137,8 +137,14 @@ func ParseSignedAndEncrypted(s string) (*NestedJSONWebToken, error) {
 }
 
 func tryJWKS(headers []jose.Header, key interface{}) interface{} {
-	jwks, ok := key.(*jose.JSONWebKeySet)
-	if !ok {
+	var jwks jose.JSONWebKeySet
+
+	switch jwksType := key.(type) {
+	case *jose.JSONWebKeySet:
+		jwks = *jwksType
+	case jose.JSONWebKeySet:
+		jwks = jwksType
+	default:
 		return key
 	}
 
diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
index 97280cb4..b17a9802 100644
--- a/jwt/jwt_test.go
+++ b/jwt/jwt_test.go
@@ -81,12 +81,19 @@ func TestDecodeTokenWithJWKS(t *testing.T) {
 	tok, err := ParseSigned(rsaSignedTokenWithKid)
 	if assert.NoError(t, err, "Error parsing signed token.") {
 		cl := make(map[string]interface{})
+		expected := map[string]interface{}{
+			"sub":    "subject",
+			"iss":    "issuer",
+			"scopes": []interface{}{"s1", "s2"},
+		}
+
 		if assert.NoError(t, tok.Claims(jwks, &cl)) {
-			assert.Equal(t, map[string]interface{}{
-				"sub":    "subject",
-				"iss":    "issuer",
-				"scopes": []interface{}{"s1", "s2"},
-			}, cl)
+			assert.Equal(t, expected, cl)
+		}
+
+		cl = make(map[string]interface{})
+		if assert.NoError(t, tok.Claims(*jwks, &cl)) {
+			assert.Equal(t, expected, cl)
 		}
 	}
 }