Handle invalid token when adding redirection headers

Author: randyabson

lib/shopify_app/controller_concerns/login_protection.rb

@@ -85,13 +85,7 @@ def add_top_level_redirection_headers(url: nil, ignore_response_code: false)
         # Make sure the shop is set in the redirection URL
         unless params[:shop]
           ShopifyApp::Logger.debug("Setting current shop session")
-          params[:shop] = if current_shopify_session
-            current_shopify_session.shop
-
-          elsif shopify_id_token
-            jwt_payload = ShopifyAPI::Auth::JwtPayload.new(shopify_id_token)
-            jwt_payload.shop
-          end
+          params[:shop] = current_shopify_session&.shop || parse_shop_from_jwt
         end
 
         url ||= login_url_with_optional_shop
@@ -279,5 +273,15 @@ def requested_by_javascript?
         request.media_type == "text/javascript" ||
         request.media_type == "application/javascript"
     end
+
+    def parse_shop_from_jwt
+      return nil unless shopify_id_token
+
+      jwt_payload = ShopifyAPI::Auth::JwtPayload.new(shopify_id_token)
+      jwt_payload.shop
+    rescue ShopifyAPI::Errors::InvalidJwtTokenError
+      ShopifyApp::Logger.warn("Invalid JWT token for current Shopify session")
+      nil
+    end
   end
 end