JWT Middleware

[mreschke]

JWT middleware creation for initial beta internal app usage.

• JWT will come from FusionAuth
• JWT will be passed in to Uvicore either directly or through Kong
• If through kong, JWT will be pre-validated so no need for uvicore to validate. Config option to validate boolean.
• If using external IDP (FusionAuth), we want to auto-create user in uvicore database. Config option to auto_create user.
• If uvicore itself is serving the IDP (say oauth2) then user account will already be in uvicore, no need to auto-create. Perhaps a config option denoting if the JWT came from external IDP?
• Uvicore will also sync a JWT key (FA roles) to either auth_user_groups or auth_user_roles. Configurable since some JWT will have different keys which could be groups or roles, should be configurable and dynamic syncing.
• Syncing should use cache TTL so it doesn't sync on ever hit, a buffer. User is already in cache. Perhaps if user is NOT in cache, get user and sync everything? Or have 2 different TTLs and keys. Should make both TTLs configurable.