ContextWithToken returns a copy of the given context that contains a token.

LoadAccountsKeySet loads the JSON Web Key Set that we use for signing and verifying JWTs and caches it in AccountsJWKS (full version) and AccountsPublicJWKS (public key only version).

TokenFields extracts and returns some fields of interest from the JWT token.

TokenForUser creates a serialized JWT token for the given user.

TokenSerialize is a helper method that allows us to serialize a token.

ValidateToken verifies the validity of a JWT token, both in terms of validity of the signature and expiration time.

AccountsJWKS is the public RS key set used by accounts for JWT signing.

AccountsJWKSFile defines where to look for the JWKS file.

AccountsPublicJWKS is a verification-only version of the JWKS.

ErrTokenExpired is returned when a user tries to authenticate with an expired token.

PortalName is the issuing service we are using for our JWTs.

TTL defines the lifetime of the JWT token in seconds.' Can be overridden by the ACCOUNTS_JWT_TTL environment variable.