From 6871fcd75d79c35798283de427d793ae6f84d7bc Mon Sep 17 00:00:00 2001
From: luxferre
Date: Wed, 20 May 2026 10:50:49 +0100
Subject: [PATCH] feat: handling for expired token

Returns a 401 with "Token expired" as the detail
---
 src/auth/service.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/auth/service.py b/src/auth/service.py
index c8fa3b3..fc3cd4c 100644
--- a/src/auth/service.py
+++ b/src/auth/service.py
@@ -9,6 +9,7 @@ import requests
 from typing import Annotated, Any
 from joserfc import jwt
+from joserfc.errors import ExpiredTokenError
 from joserfc.jwk import KeySet
 from urllib.request import urlopen
@@ -46,7 +47,10 @@ async def get_current_user(oidc_auth_string: oidc_dependency) -> dict[str, Any]:
 claims_requests = jwt.JWTClaimsRegistry(**claims_options)
- claims_requests.validate(token.claims)
+ try:
+ claims_requests.validate(token.claims)
+ except ExpiredTokenError as e:
+ raise HTTPException(status_code=401, detail="Token expired")
 db_id = await add_user_to_db(token.claims)
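Review bot: Only `ExpiredTokenError` is mapped to a 401 in the new `try` block of `get_current_user`; any other claim failure raised by `claims_requests.validate(token.claims)` (a missing or mismatched claim, for instance) still escapes it and, unless a handler outside the hunk catches it, would presumably surface as a 500 rather than an authentication failure. Consider a second clause after the expiry case, `except JoseError as e: raise HTTPException(status_code=401, detail="Invalid token") from e`, with `JoseError` imported from `joserfc.errors` next to `ExpiredTokenError`. The bound `e` in the existing clause is unused; either drop `as e` or chain it with `from e` so the original error stays in the traceback for logging. The function body starts and continues outside the hunk, so the claims options and any outer error handling are not visible here.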