How I developed this is:
- Create functionality to create ClientId and ClientSecret, for instance with a java library like SecureRandom;
- Connect the id & secret to a user.
- Let the client base64 encode the ‘id:secret’ and use it with Authorization basic header to call your token endpoint to generate a jwt token
- Set authentication to none on this endpoint, but check in the microflow if the credentials match by base64decoding the authorization basic header
- If the authorization is successful use the JWT module by Webflight to generate your tokenstring and return the token. Save the token to the database for authentication of other requests.
- Publish a rest service with authentication set to custom, use Authorization bearer header to get your JWT token string, and decode it with the JWT module.
- Use your JWT token to check if it's valid and then get the right user for the request.
- Continue with the request in your endpoint microflow like you normally would.
My module for generating clientid/secret, creating tokens and authenticating is for sale and available in Mendix 7, 8 or 9.