Add info how Harper handles JWT #45
Description
In a project which I want to have authentication be handled via JWT. AI did not have a good grasp on how Harper honors token based auth.
It's assumption is that Harper doesn’t issue JWTs — it consumes them and Harper treats JWTs as bearer credentials that it validates and maps to permissions. It is not an identity provider.
It assumed the token is generated by a separate identity provider and then Harper validates & authorizes the token and then maps the token claim to a Harper role.