From f15c0a18e3f466bf0415c8e6fd92d7e1e9170eb0 Mon Sep 17 00:00:00 2001
From: Ben Bangert <100193+bbangert@users.noreply.github.com>
Date: Mon, 29 Jul 2024 17:56:09 +0000
Subject: [PATCH] fix(auth): handle missing key comparison in genkeys

Because:
* The key comparison was requiring the old key to exist.

This commit:
* Handles the case where the old key is missing.
---
 packages/fxa-auth-server/lib/oauth/keys.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/fxa-auth-server/lib/oauth/keys.ts b/packages/fxa-auth-server/lib/oauth/keys.ts
index e51fae198b..592d0038e3 100644
--- a/packages/fxa-auth-server/lib/oauth/keys.ts
+++ b/packages/fxa-auth-server/lib/oauth/keys.ts
@@ -82,8 +82,8 @@ if (oldPubJWK) {
 'openid.oldKey must be a valid public key'
 );
 assert.notEqual(
- currentPrivJWK.kid,
- oldPubJWK.kid,
+ currentPrivJWK?.kid,
+ oldPubJWK?.kid,
 'openid.key.kid must differ from openid.oldKey.id'
 );
 PRIVATE_JWKS_MAP.set(oldPubJWK.kid, oldPubJWK);
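Review bot: The `?.` on `oldPubJWK` in the `assert.notEqual` arguments looks redundant: the hunk header suggests this code sits inside `if (oldPubJWK) {`, and the context line right after still dereferences `oldPubJWK.kid` without a guard. The case that actually changes is an absent `currentPrivJWK`, where the kid-uniqueness check now compares `undefined` against the old kid and passes; that seems intended for key generation but is not what the commit message describes, so I would keep `oldPubJWK.kid,` and add a comment such as `// currentPrivJWK may be unset (e.g. during key generation); kid uniqueness is only enforced when both keys exist`. If the old key's `kid` could itself be undefined, both sides would be `undefined` and the assertion would fire with a misleading message, so it is worth confirming that the preceding public-key validation requires `kid`. The enclosing block starts and ends outside the hunk.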