self.jwks_client.get_signing_key_from_jwt raises uncaught PyJWKClientConnectionError which gets masked as "Token is invalid or expired"

[sometimescasey]

macOS Ventura 13.2
Python 3.12

Admittedly this was my fault for forgetting to run Install Certificates.command when I upgraded to Python 3.12, but this error message did throw me off. I spent a while trying to figure out what was wrong with the JWT token, before I was able to find the real issue:

jwt.exceptions.PyJWKClientConnectionError: Fail to fetch data from the url, err: "<urlopen error [SSL: 
CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>"

The PyJWKClientConnectionError gets thrown here:

This ultimately gets caught as a TokenError with the message "Token is invalid or expired", and this is what you'll see in the failed request in Chrome inspector:

You can eventually find the correct error if you scroll up high enough in the error log or use a debugger, but I figured I would document in case the error message sends anyone else down the wrong rabbit hole.