Improve invalid JWT detection

Author: frankie567

fief_client/client.py

@@ -321,9 +321,7 @@ def _validate_access_token(
 
         except jwt.JWTExpired as e:
             raise FiefAccessTokenExpired() from e
-        except jwt.JWException as e:
-            raise FiefAccessTokenInvalid() from e
-        except KeyError as e:
+        except (jwt.JWException, KeyError, ValueError) as e:
             raise FiefAccessTokenInvalid() from e
 
     def _decode_id_token(

tests/test_client.py

@@ -441,6 +441,10 @@ async def test_valid_response_async(
 
 
 class TestValidateAccessToken:
+    def test_invalid_token(self, fief_client: Fief):
+        with pytest.raises(FiefAccessTokenInvalid):
+            fief_client.validate_access_token("INVALID_TOKEN")
+
     def test_invalid_signature(self, fief_client: Fief):
         with pytest.raises(FiefAccessTokenInvalid):
             fief_client.validate_access_token(
@@ -531,6 +535,11 @@ def test_valid_permission(
             "access_token": access_token,
         }
 
+    @pytest.mark.asyncio
+    async def test_async_invalid_token(self, fief_async_client: FiefAsync):
+        with pytest.raises(FiefAccessTokenInvalid):
+            await fief_async_client.validate_access_token("INVALID_TOKEN")
+
     @pytest.mark.asyncio
     async def test_async_invalid_signature(self, fief_async_client: FiefAsync):
         with pytest.raises(FiefAccessTokenInvalid):

tests/test_integrations_fastapi.py

@@ -166,6 +166,13 @@ async def test_missing_token(self, test_client: httpx.AsyncClient):
 
         assert response.status_code == status.HTTP_401_UNAUTHORIZED
 
+    async def test_invalid_token(self, test_client: httpx.AsyncClient):
+        response = await test_client.get(
+            "/authenticated", headers={"Authorization": "Bearer INVALID_TOKEN"}
+        )
+
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
     async def test_expired_token(
         self, test_client: httpx.AsyncClient, generate_access_token
     ):

tests/test_integrations_flask.py

@@ -122,6 +122,13 @@ def test_invalid_authorization_header(self, test_client: FlaskClient):
 
         assert response.status_code == 401
 
+    def test_invalid_token(self, test_client: FlaskClient):
+        response = test_client.get(
+            "/authenticated", headers={"Authorization": "Bearer INVALID_TOKEN"}
+        )
+
+        assert response.status_code == 401
+
     def test_expired_token(self, test_client: FlaskClient, generate_access_token):
         access_token = generate_access_token(encrypt=False, exp=0)