diff --git a/packages/stack-server/src/lib/access-token.tsx b/packages/stack-server/src/lib/access-token.tsx index c6398bb41..11f4c4630 100644 --- a/packages/stack-server/src/lib/access-token.tsx +++ b/packages/stack-server/src/lib/access-token.tsx @@ -1,5 +1,5 @@ import * as yup from 'yup'; -import { JWTExpired } from 'jose/errors'; +import { JWTExpired, JOSEError } from 'jose/errors'; import { decryptJWT, encryptJWT } from '@stackframe/stack-shared/dist/utils/jwt'; import { StatusError } from '@stackframe/stack-shared/dist/utils/errors'; import { KnownErrors } from '@stackframe/stack-shared'; @@ -19,6 +19,8 @@ export async function decodeAccessToken(accessToken: string) { } catch (error) { if (error instanceof JWTExpired) { throw new KnownErrors.AccessTokenExpired(); + } else if (error instanceof JOSEError) { + throw new KnownErrors.UnparsableAccessToken(); } throw error; } diff --git a/packages/stack-shared/src/interface/clientInterface.ts b/packages/stack-shared/src/interface/clientInterface.ts index 0f4d729e7..c0fcb6928 100644 --- a/packages/stack-shared/src/interface/clientInterface.ts +++ b/packages/stack-shared/src/interface/clientInterface.ts @@ -309,7 +309,7 @@ export class StackClientInterface { const processedRes = await this._processResponse(rawRes); if (processedRes.status === "error") { // If the access token is expired, reset it and retry - if (processedRes.error instanceof KnownErrors.AccessTokenExpired) { + if (processedRes.error instanceof KnownErrors.InvalidAccessToken) { tokenStore.set({ accessToken: null, refreshToken: tokenObj.refreshToken, diff --git a/packages/stack-shared/src/utils/jwt.tsx b/packages/stack-shared/src/utils/jwt.tsx index f64992cca..35b2028fa 100644 --- a/packages/stack-shared/src/utils/jwt.tsx +++ b/packages/stack-shared/src/utils/jwt.tsx @@ -1,5 +1,6 @@ import * as jose from "jose"; import { getEnvVariable } from "./env"; +import { KnownErrors } from ".."; const SERVER_SECRET = jose.base64url.decode(getEnvVariable("SERVER_SECRET"));