  1. Connectivity Link
  2. CONNLINK-655

Investigate OIDC/OAuth Support for API Access


    • Story
    • Resolution: Unresolved
    • Normal
    • 1.3.0
    • Sprint 27

      As a Platform Engineer, I need to understand how the Developer Portal can support OAuth/OIDC-authenticated APIs alongside API key-authenticated APIs, so that API consumers can self-service token acquisition for OAuth-configured APIs.

      Acceptance Criteria

      • Determine how to detect auth method from PlanPolicy/AuthPolicy/OIDCPolicy (secret-backed vs OAuth/JWT), and how we'd bubble this up to the API Product creation screen
      • Investigate a means for the UI to conditionally hide API key management when the API is OAuth-configured
      • Investigate dynamic client registration options and feasibility
      • Identify how to extract the authorization endpoint URL from the AuthPolicy configuration via the well-known config URL
      • Look at the mechanics for how we can display the authorization endpoint link in the UI for self-service token acquisition
      • Document findings and recommended approach
      • Build a backlog of issues to tackle this work (likely post Feb)

      Out of Scope

      • Token issuance/management within Backstage
      • Token lifecycle (refresh, expiry, revocation)

              Unassigned
              jmadigan@redhat.com Jason Madigan