From 6ee096b4b98151bc6f228d98a4af330a0df75034 Mon Sep 17 00:00:00 2001
From: John Landa <john.landa@hashicorp.com>
Date: Mon, 5 Feb 2024 17:16:51 -0700
Subject: [PATCH] Update Validator godoc, add additional jwt test case

---
 jwt/jwt.go      |  4 +++-
 jwt/jwt_test.go | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/jwt/jwt.go b/jwt/jwt.go
index 063e913..452df2e 100644
--- a/jwt/jwt.go
+++ b/jwt/jwt.go
@@ -19,7 +19,9 @@ import (
 const DefaultLeewaySeconds = 150
 
 // Validator validates JSON Web Tokens (JWT) by providing signature
-// verification and claims set validation.
+// verification and claims set validation. Validator can contain either
+// a single or multiple KeySets and will attempt to verify the JWT by iterating
+// through the configured KeySets.
 type Validator struct {
 	keySets []KeySet
 }
diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
index 09f6d1d..84ea347 100644
--- a/jwt/jwt_test.go
+++ b/jwt/jwt_test.go
@@ -615,6 +615,18 @@ func TestNewValidator(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "new validator with nil keySet in keySets",
+			args: args{
+				keySets: func() []KeySet {
+					ks, err := NewJSONWebKeySet(context.Background(),
+						"https://issuer.com/"+wellKnownJWKS, "")
+					require.NoError(t, err)
+					return []KeySet{ks, nil}
+				},
+			},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {