I solved the problem above by assigning the environment variables to module-scoped variables, but it would be helpful if the error were more precise (probably out of scope though).
Different question: how should the client handle the case when isTokenValid returns that the JWT had expired?