We should have some functionality to verify JWT's.

1. General validation of jwt

2. Validation of a Google JWT
   (Get and cache Google's certificates - validate: iss, iat?, & exp)

3. Validation of a Firebase JWT
   (get and cache Firebase certificates, validate: iss, iat, & exp)

4. Validate Identity provider tokens as well. (FB, Twitter, Github, etc.)

See https://github.com/auth0/java-jwt