fix: better scope handling

src/models/token_claims.rs

@@ -2,6 +2,8 @@ use fully_pub::fully_pub;
 use jsonwebtoken::get_current_timestamp;
 use serde::{Deserialize, Serialize};
 
+use super::authorization::AuthorizationScope;
+
 #[derive(Debug, Serialize, Deserialize, Clone)]
 #[fully_pub]
 struct UserTokenClaims {
@@ -30,6 +32,7 @@ struct AppUserTokenClaims {
     /// combined subject
     client_id: String,
     user_id: String,
+    scopes: Vec<AuthorizationScope>,
     /// token expiration
     exp: u64,
     /// token issuer
@@ -37,10 +40,11 @@ struct AppUserTokenClaims {
 }
 
 impl AppUserTokenClaims {
-    pub fn from_client_user_id(client_id: &str, user_id: &str) -> Self {
+    pub fn new(client_id: &str, user_id: &str, scopes: Vec<AuthorizationScope>) -> Self {
         AppUserTokenClaims {
             client_id: client_id.into(),
             user_id: user_id.into(),
+            scopes,
             exp: get_current_timestamp() + 86_000,
             iss: "Minauth".into()
         }