From b3a92a4e39cec7a43e52bbdcdd10736112c714a5 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Sun, 21 Oct 2018 14:34:29 +0200
Subject: [PATCH] Expired PK tokens should not fall back to legacy tokens

Fixes #11919

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/Authentication/Token/Manager.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 7c991eadea..a811393f55 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -138,6 +138,8 @@ class Manager implements IProvider {
 	public function getTokenById(int $tokenId): IToken {
 		try {
 			return $this->publicKeyTokenProvider->getTokenById($tokenId);
+		} catch (ExpiredTokenException $e) {
+			throw $e;
 		} catch (InvalidTokenException $e) {
 			return $this->defaultTokenProvider->getTokenById($tokenId);
 		}