Add JWT scopes validation

[cdennig]

This PR adds the ability to validate scopes in a JWT token. The key for the scopes claim can be customized ("scopes_key" property) and the value can be read from a nested property in the token (same as for "role" validation). Additionally, the matching function can be customized: "any" returns "true" when at least one of the required scopes is available in the token, "all" means that all required scopes need to be included.

If the validation fails, a 403 will be returned.

Tests have been added.

[cdennig]

PR for #47.

[cdennig]

Unfortunately, this also adds now some redundancy - I am aware of that. Especially regarding the "roles" validation feature. But I did not want to change that on top without getting some feedback on that feature.

[saulo2]

Please, accept this PR. It is an important feature. In fact, I am in need of it right now.

[kpacha]

thanks for the contribution, @cdennig

let's update the CE and then we can revisit the implementation and look for redundant code

[cdennig]

Sure...I can make a suggestion, but it'll take some time for me. I'm pretty busy atm.

[github-actions]

This pull request was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.