Verify API Gateway id token
Currently we rely entirely on whatever is hosting the Django app to authenticate requests from the API Gateway. While this is conceptually simple, it is also subtle in that it is far too easy to accidentally leave one's application unauthenticated.
This has already happened in one product and will likely happen again.
As a second line of defence, allow this library to separately validate the id token passed in the Authorization
header. There is a handy function available to do just this.