further simplify code

Author: hf

src/GoTrueClient.ts

@@ -3066,12 +3066,13 @@ export default class GoTrueClient {
         validateExp(payload.exp)
       }
 
+      const signingKey =
+        !header.alg || header.alg.startsWith('HS') || !header.kid
+          ? null
+          : await this.fetchJwk(header.kid, options?.keys ? { keys: options.keys } : options?.jwks)
+
       // If symmetric algorithm or WebCrypto API is unavailable, fallback to getUser()
-      if (
-        !header.kid ||
-        header.alg === 'HS256' ||
-        !('crypto' in globalThis && 'subtle' in globalThis.crypto)
-      ) {
+      if (!signingKey || !('crypto' in globalThis && 'subtle' in globalThis.crypto)) {
         const { error } = await this.getUser(token)
         if (error) {
           throw error
@@ -3088,45 +3089,22 @@ export default class GoTrueClient {
       }
 
       const algorithm = getAlgorithm(header.alg)
-      const signingKey = await this.fetchJwk(
-        header.kid,
-        options?.keys ? { keys: options.keys } : options?.jwks
-      )
 
-      if (signingKey) {
-        // Convert JWK to CryptoKey
-        const publicKey = await crypto.subtle.importKey('jwk', signingKey, algorithm, true, [
-          'verify',
-        ])
-
-        // Verify the signature
-        const isValid = await crypto.subtle.verify(
-          algorithm,
-          publicKey,
-          signature,
-          stringToUint8Array(`${rawHeader}.${rawPayload}`)
-        )
+      // Convert JWK to CryptoKey
+      const publicKey = await crypto.subtle.importKey('jwk', signingKey, algorithm, true, [
+        'verify',
+      ])
 
-        if (!isValid) {
-          throw new AuthInvalidJwtError('Invalid JWT signature')
-        }
-      } else {
-        // no signing key found in the JWKS, this might mean that the developer rotated the JWT signing key too fast without waiting for all caches to be purged
-        // in this case, validate the JWT directly with the Auth server
+      // Verify the signature
+      const isValid = await crypto.subtle.verify(
+        algorithm,
+        publicKey,
+        signature,
+        stringToUint8Array(`${rawHeader}.${rawPayload}`)
+      )
 
-        const { error } = await this.getUser(token)
-        if (error) {
-          throw error
-        }
-        // getUser succeeds so the claims in the JWT can be trusted
-        return {
-          data: {
-            claims: payload,
-            header,
-            signature,
-          },
-          error: null,
-        }
+      if (!isValid) {
+        throw new AuthInvalidJwtError('Invalid JWT signature')
       }
 
       // If verification succeeds, decode and return claims

src/lib/helpers.ts

@@ -340,7 +340,9 @@ export function validateExp(exp: number) {
   }
 }
 
-export function getAlgorithm(alg: 'RS256' | 'ES256'): RsaHashedImportParams | EcKeyImportParams {
+export function getAlgorithm(
+  alg: 'HS256' | 'RS256' | 'ES256'
+): RsaHashedImportParams | EcKeyImportParams {
   switch (alg) {
     case 'RS256':
       return {