Returns a mixin that extracts the access token from the authorisation header

• token-header-name - the name of the header containing the token (defaults to “authorization”)
• token-type - the scheme or a list of schemes under the authorisation header (default is Bearer). Use nil when no type on header
• token-parser - a function that performs parsing of the token before validation (optional)

This mixin should only be used once.

Returns a mixin that validates the jws access token ensure it includes the claims and that claim passes validation, finally it stores the authentication and authorisation state on the context under :identity

This mixin assumes a token already on the context under :token

• token-key - the secret can be a function which is provided the JOSE header as its single param
• token-options - that is used to validate the standard claims of the token (aud, iss, sub, exp, nbf, iat) (optional)
• token-validators - a array of ClaimValidators (optional)
• token-required? - whether a token should be treated as mandatory (defaults to true)

This mixin should only be used once.

Returns a mixin that populates the WWW-Authenticate header when the request is not allowed to access the protected endpoint.

This mixin should only be used once.