How to introspect OAuth access token, and then append API key to access backend

This is a long shot, but I'm in dire need of advice. If you know of a more appropriate community for this type of question please share!

I'm working with a legacy OAuth system using email + password grant type (deprecated, I know: it's out of my control).

I have to somehow connect this authentication service with a database backend for which I have an API key for.

Ideal flow

  1. User logs in with OAuth service with email + password, gets access token
  2. User sends backend request to some middleware, which does introspection / validates access token
  3. Middleware appends API key to request header to retrieve backend data

Things I've considered

  1. Traefik instance + auth forwarding
    This seems to expect authentication to be done in the middleware rather than passing and introspecting an access token. Also the OAuth service's introspection endpoint requires client ID and client secret as documented here

  2. Ory Oathkeeper
    This seems to expect arguments which would be used for regular OAuth2 redirect flow, such as pre_authorization.