We are working on implementing authentication where external sales representatives need to be authenticated against a database and, in case they are authenticated, should be returned a JWT token (generated in API Gateway) for subsequent calls.
Also, for any API call, in case the JWT token is missing in the header, the username and password should be requested. If the user is authenticated, a JWT token should be generated in API Gateway and the request should be routed to the backend.
The missing JWT should not return an error but should ask for credentials to generate a new token.
What is the best way to implement this?