fixed access token parsing

packages/stack-server/src/lib/access-token.tsx

@@ -1,5 +1,5 @@
 import * as yup from 'yup';
-import { JWTExpired } from 'jose/errors';
+import { JWTExpired, JOSEError } from 'jose/errors';
 import { decryptJWT, encryptJWT } from '@stackframe/stack-shared/dist/utils/jwt';
 import { StatusError } from '@stackframe/stack-shared/dist/utils/errors';
 import { KnownErrors } from '@stackframe/stack-shared';
@@ -19,6 +19,8 @@ export async function decodeAccessToken(accessToken: string) {
   } catch (error) {
     if (error instanceof JWTExpired) {
       throw new KnownErrors.AccessTokenExpired();
+    } else if (error instanceof JOSEError) {
+      throw new KnownErrors.UnparsableAccessToken();
     }
     throw error;
   }

packages/stack-shared/src/interface/clientInterface.ts

@@ -309,7 +309,7 @@ export class StackClientInterface {
     const processedRes = await this._processResponse(rawRes);
     if (processedRes.status === "error") {
       // If the access token is expired, reset it and retry
-      if (processedRes.error instanceof KnownErrors.AccessTokenExpired) {
+      if (processedRes.error instanceof KnownErrors.InvalidAccessToken) {
         tokenStore.set({
           accessToken: null,
           refreshToken: tokenObj.refreshToken,

packages/stack-shared/src/utils/jwt.tsx

@@ -1,5 +1,6 @@
 import * as jose from "jose";
 import { getEnvVariable } from "./env";
+import { KnownErrors } from "..";
 
 const SERVER_SECRET = jose.base64url.decode(getEnvVariable("SERVER_SECRET"));