A crash occurs if a publisher with keys for an authority generates a grant token for an invalid user ID (eg. acct:@authority) and the client POSTs it to the /api/token route.
In one of the reports in the linked Sentry issue, the contents of the JWT token submitted to the endpoint was:
https://sentry.io/organizations/hypothesis/issues/1106040600/
A crash occurs if a publisher with keys for an authority generates a grant token for an invalid user ID (eg.
acct:@authority
) and the client POSTs it to the/api/token
route.In one of the reports in the linked Sentry issue, the contents of the JWT token submitted to the endpoint was: