In order to easily support multi tenant scenarios, it would be useful to have optionally have a callback function take the JWT and return the key.

To keep the API simple the idea would be to keep the current behavior if key is not a function. If key is a function then this fragment would look like this:

var token = parts[1];

var key = isFunction(settings.key) ? settings.key(token) : settings.key;

jwt.verify(token, key, function(err, decoded) {

What do you think about it?

I'm working on a PR with the updated docs, implementation and tests.