JWTMiddleware warns/decodes tokens excessively

[ghost]

Description

JWTMiddleware warns excessively for our application because we have non-Shopify endpoints that include HTTP_AUTHORIZATION headers. We aren't mounting the ShopifyApp::Engine so I was surprised to find that any decoding was happening at all. Can the decoding be restricted to just Shopify endpoints somehow or be disabled by configuration?

Steps to Reproduce

1. Install shopify_app gem
2. Make an API call with an HTTP AUTHORIZATION header that's not from Shopify

Expected behavior:

Non-Shopify calls are ignored

Actual behavior:

A warning is logged: [ShopifyApp::JWT] Failed to validate JWT: [JWT::DecodeError] Not enough or too many segments

Reproduces how often:

100%

Gem versions

21.2.0

[ghost]

If anyone else needs a workaround for this that is not actually using the JWTMiddleware you can add this to your config/application.rb:

    config.before_initialize do
      config.middleware.delete ShopifyApp::JWTMiddleware
    end

[klenotiw]

Thanks for the feedback! We decided it was best to just remove this log.