I would like to know if I can authenticate as a member in an api using a JWT token. If anyone happens to already have something on the shelf for this and is willing to share, that would make me happy. It would save me some research time.

Custom API or Content Delivery API ?

Thanks for taking the time to share your insights 😄 We're about to start a new Umbraco 10 project and it's likely going to be an SPA. The content of the website is public, but we'll be displaying a load of personal data and the client needs a way to manage their users. So more concretely: The website itself could generate the jwt token if it's possible to create a member login with an SPA approach. The token will be used against custom API endpoints on the website itself to identify the visitor. Members is just a convenient way to have management capabilities over the users who access the application.

Generating JWTs yourself is annoyingly difficult to do well. A lot depends on your setup and how the auth is configured. Where we've done that previously we've had an external authentication provider - but that's because the entire app is behind an auth gateway, so it didn't matter. If the FE app and umbraco are going to be hosted on the same domain I'd consider a cookie and using CookieAuthentication. In either case you'd need to provide a custom Provider and/or ValidateIdentity function to validate the subject against the member database.

I see, that makes sense. Thank you for sharing, I'll keep the cookie authentication in mind and do a few experiments to see if I can get something to work