Verify OAuth with JWT in API call on SCP

Hi community

Context:

We have a microservice architecture based on the Azure platform and as part of that we are trying to consume services from our ECC (702 SP18). The plan is to go from OData Provisioning via Cloud Connector directly.

Refer to the Azure documentation for more detail on the authentication flow. In our case we need the SAP web service to act as the Web API B in the diagram in this link. We need to somehow do the validate the JWT sent in the call by the other Web API.

Question:

How can we configure an API endpoint (OData/REST service) that could validate and accept an OAuth request with a JWT Bearer Token in API Management (or any other way in SCP)?

I have been scouring the documentation and SCN but cannot find any detail on this specifically.

In the SAP API Management documentation it says that the operation to Verify Access Token is configurable, bu there is not detail on how to configure this further (i.e. how do you configure the decryption key used to decrypt the tokens signature for verification. So I would like to check if anyone has used this approach before.

If you have any experience or idea how to achieve this please let me know.

Kind regards,

Ben.