internal: fix certificate not refetched if fingerprint changes (#19761)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2026-01-26 17:07:35 +01:00
parent cdd3fb7827
commit 9cb7c74e1c
1 changed files with 7 additions and 4 deletions
@@ -29,10 +29,13 @@ func NewCryptoStore(cryptoApi *api.CryptoApiService) *CryptoStore {
 }

 func (cs *CryptoStore) AddKeypair(uuid string) error {
-	// If they keypair was already added, don't
-	// do it again
-	if _, ok := cs.fingerprints[uuid]; ok {
-		return nil
+	// Check if the cached fingerprint matches the certificate,
+	// if not, we re-fetch it
+	if sfp, ok := cs.fingerprints[uuid]; ok {
+		fp := cs.getFingerprint(uuid)
+		if sfp == fp {
+			return nil
+		}
 	}
 	// reset fingerprint to force update
 	cs.fingerprints[uuid] = ""