Is your feature request related to a problem? Please describe.
The Swagger UI page included with APIs in dev portal allows a user to authorize via API Key or OAuth with client id and secret. It's undesirable to share client id and secret broadly with our API development teams, but they all have the ability to secure a JWT through our configured IdP. We want the ability to authorize API calls via Swagger UI using a JWT.
Describe the solution you'd like
When an API has a usage plan supporting OAuth, we would like to present the user with an option to supply a JWT instead of a client ID and secret. This does not replace the existing capability to provide client id and secret that exists today, it's an alternative option. There's a built-in assumption here that users are following an OIDC flow to generate the token in the form of a JWT. This should be a valid token whether the usage plan is configured for jwtValidation or introspectionValidation.
Is your feature request related to a problem? Please describe. The Swagger UI page included with APIs in dev portal allows a user to authorize via API Key or OAuth with client id and secret. It's undesirable to share client id and secret broadly with our API development teams, but they all have the ability to secure a JWT through our configured IdP. We want the ability to authorize API calls via Swagger UI using a JWT.
Describe the solution you'd like When an API has a usage plan supporting OAuth, we would like to present the user with an option to supply a JWT instead of a client ID and secret. This does not replace the existing capability to provide client id and secret that exists today, it's an alternative option. There's a built-in assumption here that users are following an OIDC flow to generate the token in the form of a JWT. This should be a valid token whether the usage plan is configured for jwtValidation or introspectionValidation.