Thank you, I'm glad you liked it.
This act of verifying users is called authorization. It means that a certain type of user has access rights to some resources. The verify function checks whether this user has the access right. The tokens are only a way of granting permission to the resource.
Yes, you can add more properties to the object you sign the token with, such as a roles array. But all the checking will be done inside a middleware function. However, beware: never sign the token with the whole user object. This is very dangerous, as the token can end up having the user's password. That's not something you want happening.
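The advice in the comment above, as an added example that is not part of the original comment or the article's code: only an id and a roles array go into the signed payload, and an Express-style middleware does the role check. It assumes a hand-rolled HS256 token built with Node's built-in `crypto` so it runs without dependencies; `toClaims`, `signToken`, `verifyToken`, `requireRole`, the secret and the sample user are all hypothetical names and constructed values.

```javascript
// Added example: names, secret and sample user are constructed for illustration.
const crypto = require('node:crypto');

const SECRET = 'demo-secret-change-me'; // assumption: real code loads this from config
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Copy only the claims authorization needs; never pass the whole user record.
function toClaims(user) {
  return { sub: user.id, roles: user.roles };
}

function signToken(claims, ttlSeconds = 900) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const body = b64url(JSON.stringify({ ...claims, exp }));
  return `${header}.${body}.${hmac(`${header}.${body}`)}`;
}

// Returns the claims, or null if the signature is wrong or the token has expired.
function verifyToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = Buffer.from(hmac(`${header}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > Math.floor(Date.now() / 1000) ? claims : null;
}

// Express-style middleware: check the token first, then the role it carries.
function requireRole(role) {
  return (req, res, next) => {
    const token = (req.headers.authorization || '').replace(/^Bearer /, '');
    const claims = verifyToken(token);
    if (!claims) return res.status(401).json({ error: 'invalid token' });
    if (!Array.isArray(claims.roles) || !claims.roles.includes(role)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    req.user = claims;
    next();
  };
}

// Constructed sample record, shaped like a database row with a password hash.
const sampleUser = { id: 42, email: 'a@example.com', password: '$2b$10$constructedhash', roles: ['editor'] };
```

The token body is only base64url-encoded, not encrypted, which is why anything signed into it should be treated as readable by whoever holds the token.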