@oshadura reports a problem in 1.7.5-rc1 with bearer tokens and auth off:
```
RROR cmsaf-servicex servicex_app Got exception while submitting transformation request
Traceback (most recent call last):
  File "/home/servicex/servicex_app/resources/transformation/submit.py", line 163, in post
    user = self.get_requesting_user()
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 167, in decorator
    verify_jwt_in_request(
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 94, in verify_jwt_in_request
    jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 340, in _decode_jwt_from_request
    decoded_token = decode_token(encoded_token, csrf_token)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
    return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/jwt_manager.py", line 557, in _decode_jwt_from_config
    return _decode_jwt(**kwargs, allow_expired=allow_expired)
  File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/tokens.py", line 96, in _decode_jwt
    decoded_token = jwt.decode(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 222, in decode
    decoded = self.decode_complete(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jwt.py", line 156, in decode_complete
    decoded = api_jws.decode_complete(
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 220, in decode_complete
    self._verify_signature(signing_input, header, signature, key, algorithms)
  File "/usr/local/lib/python3.10/site-packages/jwt/api_jws.py", line 325, in _verify_signature
    prepared_key = alg_obj.prepare_key(key)
  File "/usr/local/lib/python3.10/site-packages/jwt/algorithms.py", line 349, in prepare_key
    raise InvalidKeyError(
jwt.exceptions.InvalidKeyError: Could not parse the provided public key. extra: {'requestId': '227d1a27-a41d-46e0-b6f1-4b2c87b4f065'}
```
This seems to get triggered by the jwt_required decorator, which seems to be complaining that it doesn't know the public key for the CMS bearer token provided at UNL. The key needs to be obtained from the CMS IAM, which PyJWT doesn't do automatically, but perhaps could be done with a package like https://github.com/ioxiocom/pyjwt-key-fetcher ?
Until this is fixed we're still going to have problems with the auth-off path. It might make sense for now to wrap jwt_required in a small function that avoids the checks completely if auth is off.
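One way to shape the wrapper suggested above, as an added example that is not code from the issue or from ServiceX. The `ENABLE_AUTH` key, `conditional_jwt_required` and the stand-in verifier are assumptions; in the app the `verify` argument would be flask_jwt_extended's `verify_jwt_in_request`. The flag is read per request and only an explicit `False` skips verification, so a missing or mistyped setting still enforces auth.

```python
from functools import wraps


class AuthError(Exception):
    """Raised by the stand-in verifier when a token cannot be validated."""


def conditional_jwt_required(config, verify):
    """Build a decorator that calls verify() only when auth is enabled.

    config: mapping holding the (assumed) ENABLE_AUTH flag.
    verify: zero-argument callable that raises on a bad or missing token.
    """
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            # Fail closed: only an explicit False turns verification off.
            # A missing key or a string such as "false" still enforces auth.
            if config.get("ENABLE_AUTH", True) is not False:
                verify()
            return view(*args, **kwargs)
        return wrapper
    return decorator


def failing_verify():
    # Constructed stand-in for the failure in the traceback: the token's
    # signing key is unknown to the app, so verification raises.
    raise AuthError("Could not parse the provided public key.")


def make_view(config):
    @conditional_jwt_required(config, failing_verify)
    def submit():
        return "accepted"
    return submit


def outcome(config):
    """Return the view's result, or the name of the exception it raised."""
    try:
        return make_view(config)()
    except AuthError as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for cfg in ({"ENABLE_AUTH": False}, {"ENABLE_AUTH": True}, {}, {"ENABLE_AUTH": "false"}):
        print(cfg, "->", outcome(cfg))
```

With auth off the bearer token is never parsed, so a token signed by an issuer the app has no key for cannot trigger the `InvalidKeyError` path.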