diff --git a/permissions_engine/authz.rego b/permissions_engine/authz.rego
index a8cb520..46eb274 100644
--- a/permissions_engine/authz.rego
+++ b/permissions_engine/authz.rego
@@ -56,11 +56,13 @@ allow {
 decode_verify_token_output[issuer] := output {
     some i
+    issuer := data.keys[i].iss
+    cert := data.keys[i].cert
     output := io.jwt.decode_verify( # Decode and verify in one-step
         input.identity,
         { # With the supplied constraints:
-            "cert": data.keys[i].cert,
-            "iss": data.keys[i].iss,
+            "cert": cert,
+            "iss": issuer,
             "aud": "CLIENT_ID"
         }
     )
diff --git a/permissions_engine/idp.rego b/permissions_engine/idp.rego
index 2611928..80c525e 100644
--- a/permissions_engine/idp.rego
+++ b/permissions_engine/idp.rego
@@ -6,11 +6,13 @@ package idp
 #
 decode_verify_token_output[issuer] := output {
     some i
+    issuer := data.keys[i].iss
+    cert := data.keys[i].cert
     output := io.jwt.decode_verify( # Decode and verify in one-step
         input.token,
         { # With the supplied constraints:
-            "cert": data.keys[i].cert,
-            "iss": data.keys[i].iss,
+            "cert": cert,
+            "iss": issuer,
             "aud": "CLIENT_ID"
         }
     )
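Review bot: Keying the object rule by the newly bound `issuer` while still iterating once per entry of `data.keys` means two entries that share an `iss` (for instance an old and a new cert kept side by side during rotation) yield conflicting values for the same key, because `io.jwt.decode_verify` returns `[false, {}, {}]` rather than undefined for the cert that does not match; in Rego that is an evaluation conflict error, not a clean deny. If `data.keys` may hold more than one cert per issuer, keep only successful verifications in the object by adding `output[0]` after the `io.jwt.decode_verify(...)` call, unless a caller deliberately relies on the false entry. The idp.rego hunk has the same structure and the same concern, and in both files the rule's closing brace lies outside the hunk. Unrelated to the change but visible in context, `"aud": "CLIENT_ID"` reads like a placeholder; if it is not the real client id, the audience constraint compares against the literal string `CLIENT_ID`.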