Yep - it’s been done using Basic Auth flow and Auth0 using the Tyk Identity Broker:
If you have control over the JWT’s that get generated (you need to inject a policy claim) then you can just use Centralised JWT support:
https://tyk.io/docs/tyk-api-gateway-v-2-0/access-control/json-web-tokens/
The JWT option is probably the most flexible, ass it completely externalises control over keygen to an IDP with only a custom claim field (policy) required to get it to work, though Tyk will only support a single public key per API Definition at the moment.