Need a way to destroy the session if a user token is malformed. #157

@srslafazan

I'm submitting a...


[ ] Regression 
[X] Bug report
[X] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

This is a bug report and/or feature request -- the behavior is necessary for proper authentication error handling.

Issue: There's no way to remove the session if the JWT token is malformed. Passport de-serialization just fails, and there's no access to the request and response objects in context.

Related to #136 -- however, without the response context, it may not be possible to handle all session operations in many standard workflows.

Expected behavior

Deserialization errors could be caught, and handled (with the request / response context). Without this, the session can't be fixed.

What is the motivation / use case for changing the behavior?

  1. User JWT token is malformed.
  2. Passport de-serialization fails.
  3. Server must do some global error-handling... but it does not globally have the request / response context to fix or remove the token.
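The failure mode described in this issue, handled at a point where the request and response are still in scope, as an added example that is not code from the issue or the project. It assumes an Express-style middleware chain in which the session-restoring middleware reports a deserialization failure through `next(err)`, plus `req.session.destroy(cb)` from express-session and `res.clearCookie(name)` from Express; `withSessionCleanup`, `fakeRestore` and `simulate` are hypothetical names, and the req/res objects are constructed mocks.

```javascript
// Assumes Express-style middleware, req.session.destroy(cb) (express-session)
// and res.clearCookie(name) (Express). withSessionCleanup is a hypothetical name.
function withSessionCleanup(restoreSession, cookieName = 'connect.sid') {
  return function sessionGuard(req, res, next) {
    let settled = false;
    const done = (err) => {
      if (settled) return; // ignore a second callback
      settled = true;
      if (!err) return next(); // user restored, continue the chain
      const reject = () => {
        res.clearCookie(cookieName); // drop the client's stale session cookie
        res.statusCode = 401;
        res.end('Session invalid, sign in again');
      };
      if (req.session && typeof req.session.destroy === 'function') {
        req.session.destroy(reject); // remove server-side session state
      } else {
        reject();
      }
    };
    try {
      restoreSession(req, res, done);
    } catch (err) {
      done(err); // deserializer threw synchronously
    }
  };
}

// Constructed stand-in: rejects tokens that are not three dot-separated parts.
function fakeRestore(req, res, next) {
  const token = req.session.token;
  if (typeof token !== 'string' || token.split('.').length !== 3) {
    return next(new Error('malformed token'));
  }
  req.user = { token };
  next();
}

// Runs the guard against constructed req/res mocks and reports what happened.
function simulate(token) {
  const out = { destroyed: false, cleared: null, status: null, passed: false };
  const req = { session: { token, destroy(cb) { out.destroyed = true; cb(); } } };
  const res = {
    clearCookie(name) { out.cleared = name; },
    end() { out.status = this.statusCode; },
  };
  withSessionCleanup(fakeRestore)(req, res, () => { out.passed = true; });
  return out;
}
```

Because the wrapper answers the request itself on failure, the error never reaches a global handler that lacks the response object.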
