I want to implement json:api in my company but we have some doubts working with authentication tokens.
We want to implement the JWT standard and we don't know how to start with authentication tokens.
We are thinking in an url like this:
POST /security-token (we need to pass the username and password, but how?)
This request must create a JsonWebToken and return it to the client.
Which info we need to provide to the request to be compatible with json:api?
We don't want the token to be accessible by a GET because the token is not persisted anywhere. How we can deal with it?