verify error message is sometimes "invalid token" instead of documented "jwt malformed"

[jedwards1211]

Description

I expected verify to throw "jwt malformed" errors when it can't describe the problem more specifically. Instead, it's throwing "invalid token" in the following example:

Reproduction

const { sign, verify } = require('jsonwebtoken')

const secret = `;lkjaslknwineijlk4jlksdf`

const signed = sign({ foo: 'bar' }, secret)
try {
  verify(signed.substring(1), secret)
} catch (error) {
  // JsonWebTokenError: invalid token
  console.error(error)
}

Environment

• Version of this library used: 8.5.1
• Version of the platform or framework used, if applicable: Node 12.16.0

[panva]

invalid token might just need to be documented.

• invalid token - when the decoded header cannot be parsed as JSON
• jwt malformed - the token does not have three components (delimited by a ".")

Ultimately I don't see a problem here. They could be merged into one, sure - in the next major.

Feel free to open a PR adding the invalid token message to the list in the JsonWebTokenError section.

[jedwards1211]

ah I see. "invalid header" or "invalid payload" would be more correct since the entire string is referred to as a token