Apply policy to pre-authenticated user

If you just want to respect an arbitrary token (forget it’s a JWT), you could use the Gateway API to PUT the WHOLE token (the bit after "Bearer: ") as a token with a session object and set the API Definition to use “Auth Token”. That will work, but you would need to integrate.

Alternatively, create a custom Auth middleware in JS or Python that does the above.
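
Added example, not part of the original post or of any project's code: a sketch of the integration step described above, assuming the gateway is Tyk and that its key endpoint `/tyk/keys/{keyID}` and `x-tyk-authorization` admin header are used. The function names, gateway URL, secret, org id and policy id are hypothetical placeholders; the request is only built here, not sent.

```python
import json
import urllib.parse
import urllib.request


def bearer_token(authorization_header):
    """Return the credential that follows the Bearer scheme, or raise ValueError."""
    scheme, _, credential = authorization_header.strip().partition(" ")
    credential = credential.strip()
    # Reject other schemes, empty credentials and anything with embedded spaces,
    # so only one opaque token value is ever registered.
    if scheme.lower() != "bearer" or not credential or " " in credential:
        raise ValueError("not a well-formed Bearer Authorization header")
    return credential


def build_key_request(gateway_url, gateway_secret, token, policy_id, org_id, expires_at):
    """Build (but do not send) a PUT that registers `token` as an auth-token key."""
    # Session object: the policy supplies access rights, rate limits and quota.
    session = {
        "org_id": org_id,
        "apply_policies": [policy_id],
        # Unix timestamp; align it with the lifetime of the upstream token so the
        # gateway does not honour the key after the issuer would reject it.
        "expires": int(expires_at),
    }
    # Percent-encode the whole token so it stays a single URL path segment.
    key_id = urllib.parse.quote(token, safe="")
    return urllib.request.Request(
        gateway_url.rstrip("/") + "/tyk/keys/" + key_id,
        data=json.dumps(session).encode("utf-8"),
        method="PUT",
        headers={
            "x-tyk-authorization": gateway_secret,  # gateway admin secret
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    tok = bearer_token("Bearer abc+/def==")
    req = build_key_request("http://gateway.example:8080", "PLACEHOLDER_SECRET",
                            tok, "PLACEHOLDER_POLICY_ID", "PLACEHOLDER_ORG", 1900000000)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Because the full token becomes the key ID, it ends up in the request path and in the gateway's key store, so the admin call belongs on a trusted network over TLS with request logging reviewed accordingly.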