Hi ,
We are using a third part application as IDP ,and
1)it is going to generate a JWT
2)Send the JWT to APIGW
3)APIGW to use /introspect of third party to verify the JWT
4)If it is valid generate a access_token only and send it to the browser
Can you please help me understand where to make the changes for checking the JWT ,thinking of using grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer