diff --git a/engines/dfc_provider/app/services/authorization_control.rb b/engines/dfc_provider/app/services/authorization_control.rb
index 254c6cee67..879eab7980 100644
--- a/engines/dfc_provider/app/services/authorization_control.rb
+++ b/engines/dfc_provider/app/services/authorization_control.rb
@@ -20,7 +20,7 @@ class AuthorizationControl
 def user
 oidc_user || ofn_api_user || ofn_user
- rescue JWT::ExpiredSignature
+ rescue JWT::DecodeError
 nil
 end
diff --git a/engines/dfc_provider/spec/services/authorization_control_spec.rb b/engines/dfc_provider/spec/services/authorization_control_spec.rb
index f5695f0cd6..af340d3105 100644
--- a/engines/dfc_provider/spec/services/authorization_control_spec.rb
+++ b/engines/dfc_provider/spec/services/authorization_control_spec.rb
@@ -34,6 +34,12 @@ RSpec.describe AuthorizationControl do
 expect(auth(oidc_token: token).user).to eq nil
 end
+
+ it "ignores malformed tokens" do
+ token = "eyJhbGciOiJSUzI1NiIsInR5c"
+
+ expect(auth(oidc_token: token).user).to eq nil
+ end
 end
 describe "with OFN API token" do
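Review bot: The widened `rescue JWT::DecodeError` in `user` now maps every ruby-jwt decode failure — expired, bad signature, malformed — to an unauthenticated result with no record of why, so the intent should at least be stated next to the rescue: `# JWT::DecodeError is ruby-jwt's base decode error (ExpiredSignature, VerificationError, ... inherit from it); any decode failure means "not authenticated".` Because the rescue wraps the whole `oidc_user || ofn_api_user || ofn_user` chain, a rejected OIDC token does not fall through to the OFN API token or session user, which is the fail-closed behaviour to keep and is worth saying in the same comment. If a logger is available in this service, a debug-level line with the exception class (never the token value) would make repeated bad tokens observable. The `def user` method is complete within the hunk, but the enclosing `AuthorizationControl` class is not.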
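Review bot: The new example's token literal `"eyJhbGciOiJSUzI1NiIsInR5c"` is an opaque magic string; a short comment such as `# truncated JWT header segment: cannot be decoded at all` would tell a reader why it is expected to be rejected rather than, say, expired. The example covers only a structurally broken token; since the rescue in `AuthorizationControl#user` now also covers signature-verification failures, a second example with a well-formed token signed by a different key would pin that case too, if the spec already has a token-building helper (the `token` setup for the expired case is outside this hunk). The enclosing `describe` block starts outside the hunk.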