OAuth2AuthorisationServerConnector: Fix _checkCustomTokenPolicy call places

This method raises the same error as jwt's claim validator, as it was intended to be
called from the same exception handling block. So move it from "else" blocks into
the corresponding "try" block.

bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py

@@ -1271,10 +1271,10 @@ class OAuth2AuthorisationServerConnector(XMLObject):
             'verify_signature': True,
           },
         )
+        self._checkCustomTokenPolicy(token_dict, request)
       except jwt.InvalidTokenError:
         continue
       else:
-        self._checkCustomTokenPolicy(token_dict, request)
         token_dict[JWT_PAYLOAD_KEY] = decodeAccessTokenPayload(
           token_dict[JWT_PAYLOAD_KEY].encode('ascii'),
         )
@@ -1296,10 +1296,10 @@ class OAuth2AuthorisationServerConnector(XMLObject):
             'verify_signature': True,
           },
         )
+        self._checkCustomTokenPolicy(token_dict, request)
       except jwt.InvalidTokenError:
         continue
       else:
-        self._checkCustomTokenPolicy(token_dict, request)
         return token_dict
     raise
 
@@ -1356,10 +1356,10 @@ class OAuth2AuthorisationServerConnector(XMLObject):
             'verify_signature': True,
           },
         )
+        self._checkCustomTokenPolicy(token_dict, request)
       except jwt.InvalidTokenError:
         continue
       else:
-        self._checkCustomTokenPolicy(token_dict, request)
         return token_dict['iss']
     raise
 
@@ -1382,10 +1382,10 @@ class OAuth2AuthorisationServerConnector(XMLObject):
             'verify_signature': True,
           },
         )
+        self._checkCustomTokenPolicy(token_dict, request)
       except jwt.InvalidTokenError:
         continue
       else:
-        self._checkCustomTokenPolicy(token_dict, request)
         return token_dict['iss']
     raise