Authentication and especially authorization can be completely handled by PostgreSQL. In front of it all sits OpenResty (nginx) so that is where you would add whatever headers you would need

jwt's are a touchy subject but was the well-trodden route I was planning to follow for authentication.

Integration with auth0 and other third-party services would be a roadmap thing for me.

Authorization can be handled by PostgreSQL: it has built-in facilities for role-based access control and row-level security. You can develop the authorization scheme that fits your application.