Authorize a request against the scopes on the verified token.
Runs after Attesto.Plug.Authenticate (which assigns the verified
claims): it reads the scope claim, splits it, and checks that the
granted set covers every required scope via Attesto.Scope. On
success the conn passes through; otherwise it answers 403
insufficient_scope (RFC 6750 §3.1).
plug Attesto.Plug.RequireScopes, ["documents.read"]Options. The first argument may be a bare list of required scopes, or a keyword list with:
:scopes(required) - the list of required concrete scopes.:claims_key- theconn.assignskey the claims were put under (default:attesto_claims, matchingAttesto.Plug.Authenticate).
A request that reaches this plug without verified claims (the authentication plug did not run or did not assign them) is treated as unauthenticated and answered 401.
Part of the optional Attesto.Plug layer; compiles only with Plug.