The processor/s should be able to create/read/verify the JWT token Note: For security, we should deprecate the existing login token, rather than offer both: Stateless JWT will provide much better security than a DB stored token. The implementation should also allow for the configuration of a separate authorisation server/service