Invalid authorization headers raise an exception

[azmeuk]

I stumbled upon a crash to an endpoint protected by token_auth, with a curl request for which I forgot to provide a token.

$ curl -H "Authorization: Bearer " -H "Accept: application/json" "http://localhost:5000/my_api_endpoint"

...
web     |   File "/usr/local/lib/python3.11/site-packages/flask_pyoidc/flask_pyoidc.py", line 455, in wrapper
web     |     token_introspection_result = self.introspect_token(
web     |                                  ^^^^^^^^^^^^^^^^^^^^^^
web     |   File "/usr/local/lib/python3.11/site-packages/flask_pyoidc/flask_pyoidc.py", line 388, in introspect_token
web     |     received_access_token = self._parse_access_token(request)
web     |                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
web     |   File "/usr/local/lib/python3.11/site-packages/flask_pyoidc/flask_pyoidc.py", line 362, in _parse_access_token
web     |     _, access_token = request.headers['Authorization'].split(maxsplit=1)

The faulty line is this one:

Flask-pyoidc/src/flask_pyoidc/flask_pyoidc.py

Line 362 in 26b1235

_, access_token = request.headers['Authorization'].split(maxsplit=1)

This is reproducible in a repr:

>>> a, b, = "Bearer ".split(maxsplit=1)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: not enough values to unpack (expected 2, got 1)

[infohash]

I'll add exception handling there to let the user know that it's a bad access token format. I have an open PR which does few changes to these methods, I'll add this fix there.

• Added JWT Verification In token_auth #161