I have a pretty common scenario for implementing security on the public site. Our client has legacy APIs which return JWT tokens for authentication. They are expecting the following flow:
1. A form on public site should be submitted with username and pw;
2. The credentials need to be encoded;
3. OSGi Servlet should process this request and call a RESTful endpoint to authenticate the user;
4. On success the endpoint will return 200 and a JWT token;
I understand the flow and how token-based authentication works in general, but I have not implemented it in AEM. Can someone please suggest a solution here? How should I write my code in AEM to handle this?
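
One way the four steps above can fit together in a Sling servlet, as an added example that is not part of the original post and not the client's code. Assumptions: Java 11+ for `java.net.http`, "encoded" read as Base64 for HTTP Basic, the endpoint returning the bare JWT as the response body, and hypothetical values for the endpoint URL, servlet path, form field names and cookie name.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;
import javax.servlet.Servlet;
import javax.servlet.http.Cookie;
import org.apache.sling.api.*;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Component;

// Added example: path, endpoint URL, field names and cookie name are hypothetical placeholders.
@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/login", "sling.servlet.methods=POST" })
public class JwtLoginServlet extends SlingAllMethodsServlet {
    private static final URI AUTH_ENDPOINT = URI.create("https://legacy-api.example.com/auth");
    private final HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
    @Override
    protected void doPost(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
        String user = req.getParameter("username");   // step 1: submitted form fields
        String pw = req.getParameter("password");
        if (user == null || pw == null || user.isEmpty() || pw.isEmpty()) {
            resp.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Step 2 (assumption: Basic auth). Base64 is an encoding, not encryption; TLS protects it.
        String basic = Base64.getEncoder().encodeToString((user + ":" + pw).getBytes(StandardCharsets.UTF_8));
        HttpRequest authReq = HttpRequest.newBuilder(AUTH_ENDPOINT).timeout(Duration.ofSeconds(10))
                .header("Authorization", "Basic " + basic).POST(HttpRequest.BodyPublishers.noBody()).build();
        try {
            // Step 3: server-side call to the REST endpoint; the browser never talks to it directly.
            HttpResponse<String> authResp = client.send(authReq, HttpResponse.BodyHandlers.ofString());
            if (authResp.statusCode() != 200) {        // step 4: only 200 counts as success
                resp.sendError(SlingHttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            // Assumption: the response body is the JWT itself. Keep it out of reach of page scripts.
            Cookie cookie = new Cookie("auth_token", authResp.body().trim());
            cookie.setHttpOnly(true);                  // not readable from JavaScript
            cookie.setSecure(true);                    // sent over HTTPS only
            cookie.setPath("/");
            resp.addCookie(cookie);
            resp.setStatus(SlingHttpServletResponse.SC_NO_CONTENT);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();        // restore the interrupt flag
            resp.sendError(SlingHttpServletResponse.SC_BAD_GATEWAY);
        }
    }
}
```

Responses that carry the token cookie should not be cached by the dispatcher or a CDN, and the JWT's signature and expiry still need to be checked wherever it is later trusted.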