auth-server `JwtException (KeyError "No suitable key was found to decode the JWT")`

[bmillwood]

From time to time I'll revisit the website and try to log in again with Google and get "Something went wrong" (which I think is the default error 500 page) when redirecting back to /auth/google/complete. This appears to persist until the auth-server is restarted.

Thanks to afee585ec2f7a66d7635ac778b14cd83bf3cd2be we know this is happening in Google.codeToClaims; hopefully d95fe341620f48c881f868121b440efe9c6bb657 will confirm it's happening in OIDC.getValidTokens. My suspicion is that something somewhere has an expiration time and we need to redo OIDC discovery every now and then, or something like that. (Maybe Google rotate their keys? idk)

[bmillwood]

after a week of uptime, I saw this issue again, and indeed it was in getValidTokens. I think there was some more interesting stuff but I foolishly did not save it before I rebooted the box, so I'll have to wait another week for it to break again