Again on API already protected by JWT

HI, I need to expose my BE API, thru KONG.
Usually my BE API server, when you call a specific API, request the authentication.
the process is, user send a request, it’s redirect to the authentication server, if ok they receive an JWT token, and submit request to the API with “Authorization: Bearer XXXXXX …” injected in header.

How i can reproduce this path in KONG configuration?

I try mapping
one path to the login-server, and when i call that service, via curl POST, i receive the token in answer via KONG
and other path to expose my API
now how i can calling second path attach first to obtain Token?

for sample
I hope to expose
http://kong.xxxxx.xom/getusers to get the list of users

and KONG get the request, but before to send it to the BE, use the route /login to authenticate users, and received a JWT token, and use it to send request to the BE (/getusers)
and replay the answer list to the clinet.