Authenticate uses the specified validator to ensure a JWT is valid, then makes sure that the claims provided by the JWT match the scopes as required in the API.

GetClaimsFromToken returns a list of claims from the token.

GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header.

NewFakeAuthenticator creates an authenticator example which uses a hard coded ECDSA key to validate JWT's that it has signed itself.

PrivateKey is an ECDSA private key which was generated with the following command: openssl ecparam -name prime256v1 -genkey -noout -out ecprivatekey.pem We are using a hard coded key here in this example, but in real applications, you would never do this.

JWSValidator is used to validate JWS payloads and return a JWT if they're valid.