From db44b589fcab4573a2be602a7a0f3a8c470d7d4d Mon Sep 17 00:00:00 2001
From: Matthias Hanel <mh@synadia.com>
Date: Fri, 9 Oct 2020 14:41:32 -0400
Subject: [PATCH] Skip revocation check if the client has no jwt and is
 therefore internal

Signed-off-by: Matthias Hanel <mh@synadia.com>
---
 server/accounts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/accounts.go b/server/accounts.go
index e1a7d02e..050ea081 100644
--- a/server/accounts.go
+++ b/server/accounts.go
@@ -2654,7 +2654,7 @@ func (s *Server) updateAccountClaimsWithRefresh(a *Account, ac *jwt.AccountClaim
 		theJWT := c.opts.JWT
 		c.mu.Unlock()
 		// Check for being revoked here. We use ac one to avoid the account lock.
-		if ac.Revocations != nil {
+		if ac.Revocations != nil && theJWT != "" {
 			if juc, err := jwt.DecodeUserClaims(theJWT); err != nil {
 				c.Debugf("User JWT not valid: %v", err)
 				c.authViolation()