v2.0.1 - handle InvalidJwtError with 401 instead of 500

Author: TheSecurityDev

package.json

@@ -1,6 +1,6 @@
 {
   "name": "simple-koa-shopify-auth",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "A better, simplified version of the (no longer supported) @Shopify/koa-shopify-auth middleware library. It removes the use of cookies for sessions (which greatly smooths the auth process), replaces a deprecated API call, and supports v2 of the official @shopify/shopify-api package.",
   "author": "TheSecurityDev",
   "license": "MIT",

src/create-shopify-auth.ts

@@ -90,15 +90,15 @@ export default function createShopifyAuth(options: OAuthBeginConfig) {
         switch (true) {
           case err instanceof Shopify.Errors.InvalidOAuthError:
             ctx.throw(400, err.message);
-            break;
           case err instanceof Shopify.Errors.CookieNotFound:
           case err instanceof Shopify.Errors.SessionNotFound:
             // This is likely because the OAuth session cookie expired before the merchant approved the request
             ctx.redirect(`${oAuthStartPath}?shop=${shop}`);
             break;
+          case err instanceof Shopify.Errors.InvalidJwtError:
+            ctx.throw(401, err.message);
           default:
             ctx.throw(500, err.message);
-            break;
         }
       }
       return;