Auth flow with external API backend

Hi all! I'm a bit new to auth in general so forgive me for the noobish questions. I currently have an Asp.net core web api as my backend which is called by an Astro server. The Astro server proxies all user requests through Astro endpoints. The .net API handles authentication using Asp.net core's Identity package, so I have a single API handling both auth and resources. This makes it convenient for authorization, but I'm not sure if it's the best overall. The first picture is a diagram of my current flow.

I am having trouble understanding how integrating Appwrite for auth into this scenario would work.

**As far as I understand, it is not possible for Appwrite to sign JWTs with an RSA key (which would allow for independent verification). Is that correct? **

In light of that, would the flow depicted in the second diagram be required? I am hesitant to have every single request require a round trip to the auth server. The reason I want the .net API to verify the token and have user info is because Asp.net core's built-in strategies for authorizing endpoints are very nice to use.

Second, I read a bit of the documentation but I am not totally clear on something. I know the client will forward the jwt on every request to my Astro server, but can I forward the JWT onwards from my Astro server as a header to my resource API?

I'm drawn to using Appwrite because I figure it's more robust than my own solution and I can just integrate an SMTP service and call it a day as far as setting up verification. However, I'm having trouble understanding if it suits my use case since I'm not doing all my business logic on my Astro server, but instead just routing requests.

I'm currently using cloud to test out some features, but might switch to self hosted if I decide to move forward.

Any insight or advice would be appreciated. Thank you!