ZachOrr
diff --git a/‎firebase_admin/_token_gen.py
Lines changed: 13 additions & 2 deletions b/‎firebase_admin/_token_gen.py
Lines changed: 13 additions & 2 deletions
diff --git a/‎firebase_admin/auth.py
Lines changed: 4 additions & 0 deletions b/‎firebase_admin/auth.py
Lines changed: 4 additions & 0 deletions
diff --git a/‎tests/test_token_gen.py
Lines changed: 4 additions & 2 deletions b/‎tests/test_token_gen.py
Lines changed: 4 additions & 2 deletions
@@ -270,8 +270,7 @@ def verify(self, token, request):
                 'or set your Firebase project ID as an app option. Alternatively set the '
                 'GOOGLE_CLOUD_PROJECT environment variable.'.format(self.operation))
 
-        header = jwt.decode_header(token)
-        payload = jwt.decode(token, verify=False)
+        header, payload = self._decode_token(token)
         issuer = payload.get('iss')
         audience = payload.get('aud')
         subject = payload.get('sub')
@@ -347,3 +346,15 @@ def verify(self, token, request):
                 'Invalid Firebase {0}: {1}'.format(self.short_name, error),
                 cause=error,
                 auth_error_code=self.error_code)
+
+    def _decode_token(self, token):
+        try:
+            header = jwt.decode_header(token)
+            payload = jwt.decode(token, verify=False)
+            return header, payload
+        except ValueError as error:
+            raise _auth_utils.FirebaseAuthError(
+                exceptions.INVALID_ARGUMENT,
+                'Invalid Firebase {0}: {1}'.format(self.short_name, error),
+                cause=error,
+                auth_error_code=self.error_code)
@@ -75,8 +75,12 @@
     'verify_id_token',
     'verify_session_cookie',
 
+    'CERTIFICATE_FETCH_FAILED',
     'ID_TOKEN_REVOKED',
+    'INVALID_ID_TOKEN',
+    'INVALID_SESSION_COOKIE',
     'SESSION_COOKIE_REVOKED',
+    'TOKEN_SIGN_FAILED',
     'UNEXPECTED_RESPONSE',
     'USER_NOT_FOUND',
 ]
 
@@ -341,6 +341,7 @@ class TestVerifyIdToken(object):
             'iat': int(time.time()) - 10000,
             'exp': int(time.time()) - 3600
         }),
+        'MalformedToken': 'foobar',
     }
 
     @pytest.mark.parametrize('id_token', valid_tokens.values(), ids=list(valid_tokens))
@@ -382,7 +383,7 @@ def test_revoked_token_do_not_check_revoked(self, user_mgt_app, revoked_tokens,
         assert claims['admin'] is True
         assert claims['uid'] == claims['sub']
 
-    @pytest.mark.parametrize('id_token', [None, '', 'foobar', True, 1, [], {}, {'a': 1}])
+    @pytest.mark.parametrize('id_token', [None, '', True, 1, [], {}, {'a': 1}])
     def test_invalid_jwt(self, user_mgt_app, id_token):
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         with pytest.raises(ValueError):
@@ -455,6 +456,7 @@ class TestVerifySessionCookie(object):
             'exp': int(time.time()) - 3600
         }),
         'IDToken': TEST_ID_TOKEN,
+        'MalformedToken': 'foobar',
     }
 
     @pytest.mark.parametrize('cookie', valid_cookies.values(), ids=list(valid_cookies))
@@ -490,7 +492,7 @@ def test_revoked_cookie_does_not_check_revoked(self, user_mgt_app, revoked_token
         assert claims['admin'] is True
         assert claims['uid'] == claims['sub']
 
-    @pytest.mark.parametrize('cookie', [None, '', 'foobar', True, 1, [], {}, {'a': 1}])
+    @pytest.mark.parametrize('cookie', [None, '', True, 1, [], {}, {'a': 1}])
     def test_invalid_jwt(self, user_mgt_app, cookie):
         _overwrite_cert_request(user_mgt_app, MOCK_REQUEST)
         with pytest.raises(ValueError):