I was looking at #491 and considering working on it, but it would involve modifying code in authorizer.py, which isn't especially well-tested. I wrote some stronger tests before I work on that patch.
In particular, there are better coverage of some error cases, and while working on it I cleaned up some of the authoriser code. It has more robust handling for JWT parsing errors, and I removed an unhittable branch.
I was looking at #491 and considering working on it, but it would involve modifying code in
authorizer.py, which isn't especially well-tested. I wrote some stronger tests before I work on that patch.In particular, there are better coverage of some error cases, and while working on it I cleaned up some of the authoriser code. It has more robust handling for JWT parsing errors, and I removed an unhittable branch.