No credentials found for given 'iss'

Hi folks,

As the title suggests, I’m getting the “No credentials found for given ‘iss’” from Kong when making some requests. I’m certain that the ‘iss’ field is populated in the JWT. I believe the error is related to retrieving the jwt_secret from the cache (https://github.com/Kong/kong/blob/master/kong/plugins/jwt/handler.lua#L158). The tricky thing is, I can’t reliably reproduce the error. It doesn’t happen on every request. We’re pre-creating some tokens, and I believe the issue occurs when the tokens get a bit “stale” (but the notBefore, notAfter and expiration fields check out).

It’s as if the cache entry has been invalidated or was improperly set to begin with, but I’m unclear how to get to the root cause. I’m confident that no logout (session deletion) has been performed which would cause this. Furthermore, the cache size is 512mb which seems large enough to where things shouldn’t be getting bumped out of the cache or anything.

Any ideas getting to the bottom of this would be greatly appreciated.

Thanks!
Edit: I found 2 other forum posts for this error but I believe unrelated to what I’m experiencing.