Add 'validate' option to allow token claim validation #316

@salmanm

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

Can we add a new validate option into the package? It should accept a function similar to the trusted option but allow us to do some custom json-schema based validations on the token payload. While the current 'trusted' option serves a similar purpose, repurposing might not be suitable given the name "trusted" which implies security and not validation.

While external validation (in the callback of request.jwtVerify) is an option, integrating 'validate' directly into @fastify/jwt aligns with JWT operations, offering more convenience and coherence. If the maintainers are on board with this proposal, I'd be more than willing to contribute by creating a Pull Request to implement the 'validate' option.

Motivation

This feature is particularly valuable in scenarios involving external Identity Providers (IDPs) where unexpected modifications to claims can disrupt the application's functionality.

Thanks

Example

fastify.register(jwt, {
  secret: 'supersecret',
  validate: (request, tokenClaims) => {
    // JSON schema-based validation logic
    if (/* condition to check token validity */) {
      return true; // Token claims are valid
    } else {
      throw new Error('Invalid token claims'); // Throw an error for invalid claims
    }
  }
});
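
An added example, not part of the original issue or of @fastify/jwt: a dependency-free sketch of the kind of payload check that the proposed `validate` function, or code run after `request.jwtVerify`, could perform. The schema, the claim names and the function names are assumptions made for illustration; it implements only a small subset of JSON Schema keywords.

```javascript
'use strict';

// Hypothetical claim schema for tokens from an external IdP (constructed for this example).
const CLAIM_SCHEMA = {
  required: ['sub', 'tenant', 'roles'],
  properties: {
    sub: { type: 'string', minLength: 1 },
    tenant: { type: 'string', enum: ['acme', 'globex'] },
    roles: { type: 'array', minItems: 1, items: { type: 'string', enum: ['user', 'admin'] } }
  }
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key); // ignores inherited keys
const typeOf = (v) => (Array.isArray(v) ? 'array' : v === null ? 'null' : typeof v);

// Checks one value against one rule and appends readable problems to `errors`.
function checkValue(path, value, rule, errors) {
  if (typeOf(value) !== rule.type) {
    errors.push(`${path}: expected ${rule.type}, got ${typeOf(value)}`);
    return; // remaining keywords assume the right type
  }
  if (rule.minLength !== undefined && value.length < rule.minLength) errors.push(`${path}: too short`);
  if (rule.minItems !== undefined && value.length < rule.minItems) errors.push(`${path}: too few items`);
  if (rule.enum && !rule.enum.includes(value)) errors.push(`${path}: value not allowed`);
  if (rule.items) value.forEach((item, i) => checkValue(`${path}[${i}]`, item, rule.items, errors));
}

// Returns a list of problems; an empty list means the payload matches. Unlisted claims (iat, exp) pass.
function validateClaims(claims, schema = CLAIM_SCHEMA) {
  if (typeOf(claims) !== 'object') return ['payload: expected object'];
  const errors = [];
  for (const name of schema.required) {
    if (!has(claims, name)) errors.push(`${name}: missing required claim`);
  }
  for (const [name, rule] of Object.entries(schema.properties)) {
    if (has(claims, name)) checkValue(name, claims[name], rule, errors);
  }
  return errors;
}

// Throwing wrapper, mirroring the throw-on-invalid behaviour sketched in the issue.
function assertClaims(claims) {
  const errors = validateClaims(claims);
  if (errors.length > 0) throw new Error(`Invalid token claims: ${errors.join('; ')}`);
  return true;
}
```

The second test case below is the situation described under Motivation: the IdP starts sending `roles` as a string instead of an array, and the check rejects the token instead of letting the changed shape reach application code.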
