getClaims is raising a generic Error for expired token

[ex0ns]

Describe the bug

When calling getClaims with a given JWT, the expiration is checked using validateExp which throws Error("JWT has expired").

supabase-js/packages/core/auth-js/src/GoTrueClient.ts

Lines 5907 to 5910 in a7bdb23

	if (!options?.allowExpired) {
	// Reject expired JWTs should only happen if jwt argument was passed
	validateExp(payload.exp)
	}

I believe we could/should catch a rethrow a AuthInvalidJwtError instead (this would be a breaking change though)

happy to make this small change if it makes sense

Library affected

auth-js

Reproduction

No response

Steps to reproduce

call getClaims on an expired token

System Info

System:
    OS: macOS 26.4.1
    CPU: (11) arm64 Apple M3 Pro
    Memory: 304.42 MB / 36.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 24.14.0 - /Users/ex0ns/.nvm/versions/node/v24.14.0/bin/node
    npm: 11.9.0 - /Users/ex0ns/.nvm/versions/node/v24.14.0/bin/npm
    pnpm: 11.0.9 - /Users/ex0ns/.nvm/versions/node/v24.14.0/bin/pnpm
    bun: 1.3.13 - /opt/homebrew/bin/bun
    Deno: 2.7.13 - /opt/homebrew/bin/deno
  Browsers:
    Chrome: 148.0.7778.179
    Firefox: 150.0.3
    Safari: 26.4

Used Package Manager

pnpm

Logs

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Supabase JS Library issue and not an issue with the Supabase platform. If it's a Supabase platform related bug, it should likely be reported to supabase/supabase instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.

[ex0ns]

thanks !