Improve error message for ERR_JWKS_NO_MATCHING_KEY

[sclassen]

A config error cost me an afternoon.

This enhanced error message would have helped me find the root of my problem much faster.

[panva]

Hello @sclassen

I'm sorry about the lost afternoon, can you elaborate though? What was the problem and how would this particular change help you?

This is unfortunately a breaking change as it changes the exposed error classes constuctor signature that's being used by downstream modules and user implementations of their own JWKS key resolver functions.

I believe the correct way to provide cause for the failure is not the message, which already describes exactly what the error is, but to use the, aptly named, cause option to provide more context. This could take the form of an object with the alg, kid, kty variables and a structuredClone of the current jwks

[sclassen]

the cause was that an ingress nginx in our test environment replaced the JWT token.

When looking at the request in the browser the correct token was there.
Only when we started to log all tokens on the server we found that the token was replaced.
Having the kid in the message would have helped to find the nginx as the cause much faster.

[wparad]

@sclassen I think you misunderstood was panva was saying. He's says to specify the cause property of the error. Rather than asking "what caused it"