diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
index e5a6368e92..936eb8b1dd 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java
@@ -457,8 +457,12 @@ public List<JWK> get(JWKSelector jwkSelector, SecurityContext context) throws Ke
 						return Collections.emptyList();
 					}
 					synchronized (this) {
-						jwkSet = fetchJWKSet();
-						this.jwkSetCache.put(jwkSet);
+						if(jwkSet == this.jwkSetCache.get()) {
+							jwkSet = fetchJWKSet();
+							this.jwkSetCache.put(jwkSet);
+						} else {
+							jwkSet = this.jwkSetCache.get();
+						}
 					}
 					if(jwkSet == null) {
 						return Collections.emptyList();