Returns a validator that ensures all required scopes are included in the
token.

Returns a mixin that validates the jws access token ensure it includes the
claims and that claim passes validation, finally it stores the authentication
and authorisation state on the context under :identity

:token-type - the scheme under the authorisation header (default is Bearer)
:token-key - the secret can be a function which is provided the JOSE header
as its single param
:token-options - that is used to validate the standard claims of the
token (aud, iss, sub, exp, nbf, iat) (optional)
:token-claims - a map of expected claims and how to validate them as function
that takes the claim value (optional)
:token-parser - a function that performs parsing of the token before
validation (optional)

This mixin should only be used once.

Returns a mixin that populates the WWW-Authenticate error when the
JWT is not authorised to access the protected endpoint.

This mixin should only be used once.