Rivet.Auth.Token.Check (rivet_ident v3.5.1)


Validates that tokens meet our requirements.

Summary

Functions

Checks payload information to verify that the authorization matches.

Functions

enrich_sub_aud(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> {:error, auth} = enrich_sub_aud(%Auth.Domain{token: %{claims: %{sub: "asdf", aud: "asdf"}}})
iex> auth.log
"Cannot parse token.sub=asdf"

jwt(auth)

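Checks payload information to verify that the authorization matches. As the example below shows, a failed check returns `{:error, auth}` with the reason recorded in `auth.log`.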

iex> {:ok, _token, claims} = Rivet.Auth.Token.Access.jwt("narf", "example.com", 5)
...> {:error, %Auth.Domain{} = a} = jwt(%Auth.Domain{hostname: "example.com", token: %{claims: claims}})
...> a.log
"Cannot find identity factor=narf"

valid_audience(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> {:error, auth} = valid_audience(%Auth.Domain{token: %{aud: "asdf"}})
iex> auth.log
"Cannot parse token.tok=asdf"
iex> {:error, auth} = valid_audience(%Auth.Domain{token: %{aud: "key:a.domain"}, hostname: "b.domain"})
iex> auth.log
"Token audience does not match: a.domain != b.domain"
iex> valid_audience({:error, "narf"})
{:error, "narf"}

valid_expiration(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> now = System.os_time(:second)
iex> {:error, auth} = valid_expiration(%Auth.Domain{token: %{claims: %{for: %{}, exp: 0}}, type: :acc})
iex> auth.log
"Token Expired"
iex> {:error, auth} = valid_expiration(%Auth.Domain{token: %{claims: %{for: %{}, exp: now+300000}}, type: :acc})
iex> auth.log
"Token expiration out of bounds"
iex> valid_expiration({:error, "narf"})
{:error, "narf"}

valid_subject(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> {:error, auth} = valid_subject(%Auth.Domain{})
iex> auth.log
"Unable to process token subject"
iex> {:error, auth} = valid_subject(%Auth.Domain{token: %{claims: %{sub: "red"}}, type: :acc})
iex> auth.log
"Cannot parse token.sub=red"
iex> {:error, auth} = valid_subject(%Auth.Domain{type: :acc, token: %{sub_type: :cas1, sub: "subject"}})
iex> auth.log
"Cannot find identity factor=subject"
iex> {:error, auth} = valid_subject(%Auth.Domain{token: %{aud_type: :caa1, sub_type: :cas1, sub: "subject"}, type: :val})
iex> auth.log
"Cannot find identity factor=subject"
iex> valid_subject({:error, "narf"})
{:error, "narf"}