jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Add separate exception class for PyJWKClient kid errors #885

Closed james-mchugh closed 8 months ago

james-mchugh commented 1 year ago

Thank you for this project. It has been very helpful for our team integrating authentication into our existing API.

When a kid is passed to the PyJWKClient.get_signing_key method that is not in the JWK set (or is set to None, in the case that it came from PyJWKClient.get_signing_key_from_jwt and the JWT did not include a KID), a PyJWKClientError is raised. This is the same error raised if an issue is detected during client initialization or failed requests to the jwks_uri, but it will likely want to be handled differently by developers. When building an API, client initialization errors or failed requests to the jwks_uri should likely result in 500 responses or immediate failures when starting the server, whereas an error due to the JWT not having a valid KID would likely be related to token validation and should therefore result in a 401 response.

james-mchugh commented 1 year ago

If you think this request is a worthy change, I would be up for submitting a PR

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

james-mchugh commented 1 year ago

This is still relevant

auvipy commented 1 year ago

I would like to see the draft implementation

github-actions[bot] commented 10 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

jaferrando commented 10 months ago

The exception being raised includes the explicit text 'Unable to find a signing key that matches: "{kid}"'. As it happens in many Python modules, it is sometimes the exception description which is used to disambiguate the underlying cause of error.
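
The 401-versus-500 split discussed in this thread, sketched on the caller's side (an added example, not part of any comment here and not PyJWT's own code). `TokenKidError`, `header_kid` and `signing_key_or_status` are hypothetical names; `client` is assumed to be a `PyJWKClient`-like object with `get_signing_key(kid)`, and the message prefix is the one quoted in the thread.

```python
import base64
import json

try:
    from jwt.exceptions import PyJWKClientError  # real PyJWT exception class
except ImportError:  # stand-in so the sketch also runs without PyJWT installed
    class PyJWKClientError(Exception):
        pass

# Prefix of the message quoted in this thread. Matching on message text is
# brittle: it can change between releases, so pin and test it.
KID_MISS_PREFIX = "Unable to find a signing key that matches"


class TokenKidError(Exception):
    """Hypothetical caller-side error: token kid missing or unreadable (401)."""


def header_kid(token):
    """Return the kid from the unverified JOSE header, or raise TokenKidError."""
    try:
        seg = token.split(".")[0]
        raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
        kid = json.loads(raw)["kid"]
    except (AttributeError, ValueError, KeyError, TypeError) as exc:
        raise TokenKidError("token has no readable kid") from exc
    if not isinstance(kid, str) or not kid:
        raise TokenKidError("token kid is empty or not a string")
    return kid


def signing_key_or_status(client, token):
    """Return (key, None) on success, otherwise (None, http_status)."""
    try:
        # Reject a missing kid before the client ever sees None.
        kid = header_kid(token)
        return client.get_signing_key(kid), None
    except TokenKidError:
        return None, 401  # token problem: caller sent a bad credential
    except PyJWKClientError as exc:
        if str(exc).startswith(KID_MISS_PREFIX):
            return None, 401  # kid not in the JWK set: still a token problem
        return None, 500  # fetch or initialization failure: server-side fault
```

The kid read here comes from an unverified header and is used only to select a key; the token still has to pass signature and claim validation with the returned key.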

github-actions[bot] commented 8 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days