Create middleware to validate API tokens (Bearer) against an interface
- Middleware gets JWT and a secret from the interface, and scope from the route ("permissible scope")
- Interface provides a secret to validate a JWT, or empty string
- Checks against JWT using secret - if token is valid and route scope is in token scopes, skip the interface, get parameters
- Otherwise, Interface takes a token and optionally a scope, returns all the parameters and all allowed scopes, or
- Not Authorized if the scope is not allowed
- Call the child method
- After child method, store parameters and scope in JWT with the secret and pass as a cookie back to the client
The interface can store API key against parameters and allowed scopes. Interface should probably update the "last accessed date" against a token
Check for API revoke, secret revoke
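A sketch of the flow described in this issue, added here as an illustration and not code from the project. `MemoryStore`, `authorize`, and the claim names `params`, `scopes` and `exp` are hypothetical; it assumes an HS256-signed JWT carried in a cookie, minted only on the interface path so its expiry forces a periodic re-check against revoked keys.

```python
import base64, hashlib, hmac, json, time

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _mac(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_jwt(claims, secret):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(secret, head + '.' + body))}"

def verify_jwt(token, secret):
    """Return the claims if signature, algorithm and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None  # the header must not choose the algorithm for us
        if not hmac.compare_digest(_mac(secret, head + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > time.time() else None
    except (ValueError, AttributeError, KeyError, TypeError):
        return None

class MemoryStore:  # hypothetical stand-in for the issue's "interface"
    def __init__(self, secret, keys):
        self.secret, self.keys, self.lookups = secret, keys, 0
    def get_secret(self):
        return self.secret  # empty string disables the JWT fast path
    def lookup(self, api_key, scope):
        self.lookups += 1  # a real store would also update "last accessed" here
        rec = self.keys.get(api_key)
        return rec if rec and scope in rec["scopes"] else None

def authorize(store, route_scope, handler, bearer, cookie=None, ttl=300):
    """Return (status, handler result, cookie to set) for one request."""
    secret = store.get_secret()
    claims = verify_jwt(cookie, secret) if secret and cookie else None
    if claims and route_scope in claims.get("scopes", []):
        return 200, handler(claims["params"]), cookie  # fast path, exp not extended
    rec = store.lookup(bearer, route_scope)  # slow path: ask the interface
    if rec is None:
        return 401, None, None
    result = handler(rec["params"])
    fresh = sign_jwt({**rec, "exp": time.time() + ttl}, secret) if secret else None
    return 200, result, fresh
```

Rotating the store's secret invalidates every outstanding cookie at once, while a single revoked API key stays usable through the fast path until its cookie's `exp` passes, so `ttl` bounds the revocation delay.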