OAuth will not affect the existing JWT implementation.
Changes in backend: On the Elasticsearch node, a new HTTPAuthenticator and AuthenticationBackend will be added. The HTTPAuthenticator will be used to extract the token from the header. The AuthenticationBackend will work as a resource server in terms of RFC-6749. There will be a few implementations for validating the token. One of the implementations will communicate with the authentication server to validate the token via the introspection endpoint described in RFC-7662. The specification allows additional information to be included in the response, so we can, for example, get client roles from the authentication server.
Changes in client: TransportClient will know the client id, client secret and authentication server URL via settings. Before sending a request to Elasticsearch, the client will request a token from the authentication server and then include the token in the request header. The client will also know when the token will expire, and refresh it when the time is suitable. I think TransportClient will need only the client id and client secret, but REST clients can work via a redirect to the authentication server, as described in the specification.
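The backend flow described above (extract the bearer token, validate it at an RFC-7662 introspection endpoint, read roles from the response), as an added Python example that is not code from this proposal or the project. The `roles` response member, HTTP Basic authentication to the endpoint, and every name and sample value here are assumptions.

```python
import base64, json, time
from urllib.parse import urlencode

class TokenRejected(Exception):
    """Raised whenever the request must not be authenticated."""

def extract_bearer(headers):
    # HTTPAuthenticator role: pull the token out of "Authorization: Bearer <token>".
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise TokenRejected("missing or non-Bearer Authorization header")
    return token.strip()

def build_introspection_request(token, client_id, client_secret):
    # RFC 7662 section 2.1: form-encoded POST; the resource server authenticates
    # itself to the endpoint (HTTP Basic is an assumption here).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"headers": {"Authorization": "Basic " + basic,
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode({"token": token, "token_type_hint": "access_token"})}

def authenticate(headers, post, client_id, client_secret, now=None):
    # AuthenticationBackend role: returns (subject, roles) or raises TokenRejected.
    # `post` is the HTTP transport: request dict in, response body text out.
    now = time.time() if now is None else now
    request = build_introspection_request(extract_bearer(headers), client_id, client_secret)
    try:
        info = json.loads(post(request))
    except (ValueError, OSError) as exc:
        raise TokenRejected("introspection failed") from exc  # fail closed
    if not isinstance(info, dict) or info.get("active") is not True:
        raise TokenRejected("token is not active")
    exp = info.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        raise TokenRejected("token expired")
    roles = info.get("roles", [])  # assumed extension member, not defined by RFC 7662
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        raise TokenRejected("malformed roles")
    return info.get("sub") or info.get("client_id"), roles

def fake_post(request):
    # Constructed stand-in for the authentication server; it knows one token.
    if request["body"].startswith("token=good-token&"):
        return json.dumps({"active": True, "client_id": "transport-1",
                           "exp": 2000, "roles": ["reader"]})
    return json.dumps({"active": False})

if __name__ == "__main__":
    print(authenticate({"Authorization": "Bearer good-token"}, fake_post,
                       "es-node", "s3cret", now=1000))
```

Any transport error, unparsable response or response without `"active": true` rejects the request, so an unreachable authentication server never results in an authenticated call.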