Merge pull request #1635 from nats-io/sys-acc-rev-fix

Skip revocation check if the client has no jwt and is therefore internal
2026-04-02 03:38:42 -07:00 · 2020-10-09 12:57:15 -06:00
parent 618cde9039 db44b589fc
commit fec5b7fdef
1 changed files with 1 additions and 1 deletions
--- a/server/accounts.go
+++ b/server/accounts.go
@@ -2654,7 +2654,7 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim
 		theJWT := c.opts.JWT
 		c.mu.Unlock()
 		// Check for being revoked here. We use ac one to avoid the account lock.
-		if ac.Revocations != nil {
+		if ac.Revocations != nil && theJWT != "" {
 			if juc, err := jwt.DecodeUserClaims(theJWT); err != nil {
 				c.Debugf("User JWT not valid: %v", err)
 				c.authViolation()