Adds synchronous verify_sync() methods to AccessTokenVerifier and IDTokenVerifier

[BinoyOza-okta]

Summary

Adds synchronous verify_sync() methods to AccessTokenVerifier and IDTokenVerifier, allowing non-async Python applications (Django, Flask, etc.) to verify Okta JWTs without needing asyncio.run() or run_until_complete().

Closes #42

Motivation

Okta customers with synchronous Python applications (e.g. Django) cannot easily use the existing async-only verify() API. Wrapping with asyncio.run() or run_until_complete() causes issues in applications not built around coroutines. This PR adds first-class sync support.

Changes

New Public API (additive, non-breaking)

Class	New Method	Sync Equivalent Of
AccessTokenVerifier	verify_sync()	verify()
IDTokenVerifier	verify_sync()	verify()

Usage

from okta_jwt_verifier import AccessTokenVerifier, IDTokenVerifier

# Access token — no async/await needed
atv = AccessTokenVerifier(issuer="https://your-org.okta.com/oauth2/default")
atv.verify_sync(access_token)

# ID token
idv = IDTokenVerifier(issuer="https://your-org.okta.com/oauth2/default", client_id="your-client-id")
idv.verify_sync(id_token, nonce="optional-nonce")

Internal Changes

request_executor.py

• fire_request_sync() — sync HTTP via requests library with simple dict cache
• get_sync() — sync GET with retry and throttling (mirrors get())
• clear_cache() — now clears both async and sync caches

jwt_verifier.py

• _verify_token_common() — extracted shared parse → alg check → claims check logic (eliminates duplication across 4 verify methods)
• verify_access_token_sync(), verify_id_token_sync() — sync verification on BaseJWTVerifier
• get_jwk_sync(), get_jwks_sync() — sync JWK retrieval with cache-clear retry for key rotation

Bug Fixes

• get_jwks() exception handling: Previously swallowed exceptions silently, leaving jwks undefined → would raise UnboundLocalError. Now re-raises after cleanup.
• _get_jwk_by_kid(): Removed unnecessary temp variable, uses early return.

Code Quality

• Fixed docstring typo: "acess" → "access"
• Fixed incorrect return type docs: str → dict for JWK methods
• Added RFC 7519/7515/7517 references to docstrings
• Removed empty parentheses on classes with no base class (PEP 8)

Backward Compatibility

✅ Fully backward compatible. All existing public methods retain identical signatures and behavior. New methods are purely additive. All 22 existing unit tests pass unchanged alongside 5 new tests.

Testing

pytest tests/unit/ -v   # 27 tests pass

New tests:

• test_get_jwk_sync
• test_get_jwks_sync
• test_access_token_verifier_sync
• test_id_token_verifier_sync
• test_invalid_claims_fail_first_sync