Handle invalid token when adding redirection headers

Author: randyabson

lib/shopify_app/controller_concerns/login_protection.rb

@@ -89,8 +89,13 @@ def add_top_level_redirection_headers(url: nil, ignore_response_code: false)
             current_shopify_session.shop
 
           elsif shopify_id_token
-            jwt_payload = ShopifyAPI::Auth::JwtPayload.new(shopify_id_token)
-            jwt_payload.shop
+            begin
+              jwt_payload = ShopifyAPI::Auth::JwtPayload.new(shopify_id_token)
+              jwt_payload.shop
+            rescue ShopifyAPI::Errors::InvalidJwtTokenError
+              ShopifyApp::Logger.warn("Invalid JWT token for current Shopify session")
+              nil
+            end
           end
         end