From cf00c5d373c8b362a8a022d40e861c7aaecf593b Mon Sep 17 00:00:00 2001
From: hschoenenberger <herve.schoenenberger@prestashop.com>
Date: Tue, 10 Dec 2024 14:12:26 +0100
Subject: [PATCH] fix: invalid kid exception handling

---
 src/Provider/Traits/TokenValidatorTrait.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Provider/Traits/TokenValidatorTrait.php b/src/Provider/Traits/TokenValidatorTrait.php
index 4924e96..e054562 100644
--- a/src/Provider/Traits/TokenValidatorTrait.php
+++ b/src/Provider/Traits/TokenValidatorTrait.php
@@ -8,7 +8,6 @@
 use Firebase\JWT\SignatureInvalidException;
 use PrestaShop\OAuth2\Client\Provider\CachedFile;
 use PrestaShop\OAuth2\Client\Provider\Exception;
-use PrestaShop\OAuth2\Client\Provider\Exception\KidInvalidException;
 
 trait TokenValidatorTrait
 {
@@ -62,8 +61,11 @@ public function verifyToken($token, $refreshJwks = false)
             throw new Exception\SignatureInvalidException($e->getMessage());
         } catch (\UnexpectedValueException $e) {
             // FIXME: check kid header by ourselves
-            if (!$refreshJwks && $e->getMessage() == '"kid" invalid, unable to lookup correct key') {
-                return $this->verifyToken($token, true);
+            if ($e->getMessage() == '"kid" invalid, unable to lookup correct key') {
+                if (!$refreshJwks) {
+                    return $this->verifyToken($token, true);
+                }
+                throw new Exception\KidInvalidException($e->getMessage());
             }
             throw new Exception\TokenInvalidException($e->getMessage());
         } catch (\Throwable $e) {