thelazurite-cell/BudgetControl

BE: Permissions


AS a consumer of the API
I want to be able to retrieve permission information
SO that I can ensure actions a user cannot perform are not visible

Acceptance Criteria

  • API Token must now provide a header, payload and signature
  • API Token Header must:
    • contain the issuer
    • contain the encryption type used
  • API Token Payload must:
    • contain the user name and identifier
    • contain a user's scope/permissions
    • contain the iat (issued at) datetime
    • contain the exp (expiry) datetime
  • API returns a signature
    • signature should be the encrypted value of both the header and the payload
  • A Token's signature must be validated by the API
  • Area is unit tested
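As an added example (not code from the BudgetControl project), the token shape and checks listed above, written in Python with only the standard library; the secret, issuer, claim names and scope strings are assumptions. The third part is an HMAC computed over the header and payload, and validation recomputes it with a constant-time comparison, rejects any other `alg` value or issuer, and refuses expired tokens before scope is consulted.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only; a real service loads the secret from configuration.
SECRET = b"example-only-secret-do-not-use"
ISSUER = "budgetcontrol-api"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, name: str, scopes: list, now: int = None, ttl: int = 3600) -> str:
    """Build header.payload.signature; the signature is an HMAC-SHA256 over the first two parts."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT", "iss": ISSUER}
    payload = {"sub": user_id, "name": name, "scope": scopes, "iat": now, "exp": now + ttl}
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, now: int = None):
    """Return the payload only if structure, algorithm, issuer, signature and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, payload, sig = json.loads(_unb64url(h64)), json.loads(_unb64url(p64)), _unb64url(s64)
    except ValueError:  # covers bad base64, bad JSON and a wrong number of parts
        return None
    if header.get("alg") != "HS256" or header.get("iss") != ISSUER:  # no "none", no algorithm swap
        return None
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        return None
    return payload


def can(token: str, permission: str, now: int = None) -> bool:
    """Permission check the UI can use to hide actions: only a valid token's scope counts."""
    payload = verify_token(token, now)
    return payload is not None and permission in payload.get("scope", [])
```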