JWT public signing verification documentation (direct howto on /token/generate and token/public-key) #35

Open
dk1844 opened this issue May 4, 2023 · 1 comment

@dk1844
Collaborator

dk1844 commented May 4, 2023

Background

We offer

  • user token generation endpoint at POST [/token/generate]
  • matching public key generation at GET [/token/public-key]

To people unfamiliar, it may not be directly apparent how these two things relate to each other and how to practically use them.

Feature

Let's create a documentation section where the actual steps are outlined and commented:
1. use POST /token/generate with credentials to obtain JWT for a user
2. show what it contains (unbase64), perhaps comment on the validity and other fields
3. show how to get a public key (GET /token/public-key) and how it is used to verify the content of JWT (mimic https://blog.miguelgrinberg.com/post/json-web-tokens-with-public-key-signatures and perhaps even directly link it or a similar source for more info)

Thanks @jakipatryk for suggesting it. 🙇‍♂️

Extra: to be done here or create another issue+PR: describe the JWKs endpoint and its usage
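
Steps 2 and 3 of the outline above, as an added example that is not part of the issue and not the project's client library: decode the token segments, then verify the signature and expiry with the public key. It assumes RS256 (the issue does not name the algorithm), a public key already parsed into modulus `n` and exponent `e` (the format returned by GET /token/public-key is not shown on this page), and the claim names `sub` and `exp`; the key pair and token are constructed in-process in place of a real /token/generate response.

```python
import base64, hashlib, json, secrets, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_sha256(message, k):
    # EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo, k bytes long
    tail = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(tail) - 3) + b"\x00" + tail

def verify_rs256(token, n, e, now=None):
    """Return the claims if the signature and exp check out; raise ValueError if not."""
    head, body, sig = token.split(".")      # step 2: three base64url segments
    header, k = json.loads(b64d(head)), (n.bit_length() + 7) // 8
    # Pin the algorithm: the token header must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    s, em = int.from_bytes(b64d(sig), "big"), pkcs1_sha256(f"{head}.{body}".encode(), k)
    # Step 3: rebuild the whole padded block and compare all of it, not just the hash.
    if s >= n or pow(s, e, n).to_bytes(k, "big") != em:
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):  # no exp = rejected
        raise ValueError("token expired")
    return claims

def _probable_prime(bits):  # Fermat test on fixed bases: for this throwaway demo key only
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if all(pow(a, c - 1, c) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return c

def demo_keypair(bits=1024):  # constructed key standing in for the service's signing key
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        if p != q and (p - 1) % 65537 and (q - 1) % 65537:  # e invertible mod phi
            return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))

def sign_rs256(claims, n, d):  # stand-in for the server side of POST /token/generate
    parts = [b64e(json.dumps(x).encode()) for x in ({"alg": "RS256", "typ": "JWT"}, claims)]
    msg, k = ".".join(parts), (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(pkcs1_sha256(msg.encode(), k), "big"), d, n)
    return msg + "." + b64e(sig.to_bytes(k, "big"))
```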

@TheLydonKing
Collaborator

Can we consider this issue closed since we have the client library and the example code showing how it works?
