if token != "" {
		claims, err := getClaimsFromTokenWithSecret(token, secret)
		if err != nil {
			return nil, toAPIErrorCode(r.Context(), err)
		}
		return claims.Map(), ErrNone
	}

	claims := xjwt.NewMapClaims()
	return claims.Map(), ErrNone
}

// Check request auth type verifies the incoming http request
//   - validates the request signature