compares a bcrypt hashed password with its possible plaintext equivalent, returns nil on success, or an error on failure.

extract the token from authorization header.

create JWT using JWT library: https://github.com/golang-jwt/jwt .

validate the JWT, use the jwt.ParseWithClaims function to validate the signature of the JWT and extract the claims into a *jwt.Token struct https://pkg.go.dev/github.com/golang-jwt/jwt/v5#ParseWithClaims.