clerk / javascript

Official JavaScript repository for Clerk authentication
https://clerk.com
MIT License

Respond with 40x error on outdated testing tokens #3471

Open TimKochDev opened 1 month ago

TimKochDev commented 1 month ago

Preliminary Checks

Reproduction

https://github.com/TimKochDev/clerk-playwright-msw

Publishable key

pk_test_bWFqb3ItaGVyb24tODYuY2xlcmsuYWNjb3VudHMuZGV2JA

Description

Steps to reproduce:

  1. Send signup request to clerk backend API from an automated test suite together with an outdated or otherwise invalid testing token search param

Expected behavior:

I'd expect to receive a 400 error or 403.

Actual behavior:

I received 429 "bot detection" errors as if I hadn't added the testing token in the first place.

Consequence: I tried to test clerk using playwright and msw. This didn't work with @clerk/testing/playwright because page.route() is not compatible with using msw at the same time. I struggled for hours before realizing that I had long achieved my goal but I still received the same 429 error. This made me think I still had bugs in my request interception logic while all I had to do was use a fresh testing token.

Environment

"@clerk/clerk-react": "^5.0.3",
"dotenv": "^16.4.5",
"msw": "^2.3.0",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-router-dom": "^5.2.0",
"@clerk/testing": "^1.0.3",
"@playwright/test": "^1.44.0",

agis commented 1 month ago

Thanks for the report - this is a great suggestion that would improve usability of testing tokens!

We've created an internal ticket to track this, though this depends on a few key infrastructure changes that we were planning to perform. We'll follow up here when this is fixed.