AuthErrors end up as 500s

[bhearsum]

For example, we had this happen recently on stage:

JWTClaimsError: Invalid audience
  File "auslib/util/auth.py", line 71, in verified_userinfo
    payload = jose.jwt.decode(access_token, rsa_key, algorithms=["RS256"], audience=auth_audience, issuer="https://{}/".format(auth_domain))
  File "jose/jwt.py", line 157, in decode
    _validate_claims(
  File "jose/jwt.py", line 484, in _validate_claims
    _validate_aud(claims, audience=audience)
  File "jose/jwt.py", line 350, in _validate_aud
    raise JWTClaimsError("Invalid audience")

AuthError: ({'code': 'invalid_claims', 'description': 'incorrect claims, please check the audience and issuer'}, 401)
  File "flask/app.py", line 1821, in full_dispatch_request
    rv = self.preprocess_request()
  File "flask/app.py", line 2313, in preprocess_request
    rv = self.ensure_sync(before_func)()
  File "auslib/web/admin/base.py", line 49, in setup_request
    username = verified_userinfo(request, app.config["AUTH_DOMAIN"], app.config["AUTH_AUDIENCE"])["email"]
  File "auslib/util/auth.py", line 87, in verified_userinfo
    raise AuthError({"code": "invalid_claims", "description": "incorrect claims, please check the audience and issuer"}, 401)

It looks like these are supposed to end up as 403s, but it seems that handler is not always in the stack for all possible causes of these exceptions.

[gabrielBusta]

Dupe of #2605?

[bhearsum]

Not quite -- that bug is about the fact that we hit rate limits. This one is about us turning issues verifying tokens into 500s (instead of being 403s). No rate limiting involved in this one.

[gabrielBusta]

Oh duh. I misread this issue 🤪