Bound JWT to its scope by embedding scope claim in payload (#39)

Author: VarunSriram99

js/src/index.ts

@@ -52,6 +52,7 @@ class NeetoJWT {
     const payload = {
       email: this.email,
       workspace: this.workspace,
+      scope: this.scope,
       iat,
       exp,
     };

js/test/index.test.ts

@@ -42,10 +42,23 @@ describe("NeetoJWT", () => {
     const decoded = jwt.verify(token, publicKey, { algorithms: ["ES256"] });
     expect(decoded.email).toBe(email);
     expect(decoded.workspace).toBe(workspace);
+    expect(decoded.scope).toBe("user");
     expect(decoded.iat).toBeDefined();
     expect(decoded.exp).toBeDefined();
   });
 
+  it("should embed scope in the JWT payload for consumer scope", () => {
+    const neetoJWT = new NeetoJWT({
+      email,
+      privateKey,
+      scope: "consumer",
+    });
+    const token = neetoJWT.generateJWT();
+    const decoded = jwt.verify(token, publicKey, { algorithms: ["ES256"] });
+    expect(decoded.scope).toBe("consumer");
+    expect(decoded.workspace).toBe("app");
+  });
+
   it("should generate a login URL", () => {
     const neetoJWT = new NeetoJWT({ email, workspace, privateKey });
     const loginUrl = neetoJWT.generateLoginUrl(redirectUri);