Research into JWT.

How to encode and decode the header and payload.

How to use a syncronous key for the signature.

How to use an asynchronous public/privte keypair for the signature.

https://jwt.io/introduction

https://jwt.io/#debugger-io

https://wstutorial.com/misc/jwt-java-public-key-rsa.html

https://makeinjava.com/base64-withoutpadding-encoding-string-byte-array-java8/

https://sorenpoulsen.com/calculate-hmac-sha256-with-java

https://gist.github.com/nielsutrecht/855f3bef0cf559d8d23e94e2aecd4ede

https://en.wikipedia.org/wiki/HMAC

https://en.wikipedia.org/wiki/Cryptographic_hash_function

https://en.wikipedia.org/wiki/Hash_function