JWT Sessionless Authentication

How would you configure the AuthFeature to accept a username+password that is checked against a custom store, and then have a sessionless JWT cookie sent back to a client, to be used on subsequent requests.
I don’t want to have a session store or a authrepository in the service. It needs to be totally sessionless.

The JWT needs to contain the following things: username, userid, roles.

Is that possible? How is it configured?

The JWT BearerToken of the AuthenticateResponse is automatically populated on successful authentication. Note the JWT’ AuthProvider is configured with RequireSecureConnection=true by default so it only gets populated when using https.