Yes, that is the approach I recommend to my customers. In fact, JWT is how Windows Azure Mobile Services secures its endpoints. JWTs are relatively simple to handle (compared to SAML tokens, for example), but retain interesting properties compared to access_tokens (like having a signature).
This doc shows an example of how to do it with WebApi and our product (if you are using MS technologies). The principles are generic though, and you could apply them regardless of whether you use our STS or not.
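As an added illustration of the signature property the answer mentions (not code from the original answer, from WebApi, or from any Microsoft product), here is a minimal HS256 JWT issuer and verifier in Python using only the standard library; the secret, issuer URL and claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret for the example only; a real deployment keeps this in a secret store.
SECRET = b"example-shared-secret-do-not-use"
ISSUER = "https://sts.example"  # hypothetical STS


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT base64url strips '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes, expected_issuer: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims only if algorithm, signature, issuer and expiry all check out; else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm on the verifier side: the token must never choose it (rejects "none").
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None  # payload or signature was altered, or signed with another key
        claims = json.loads(_b64url_decode(payload_b64))
        if claims.get("iss") != expected_issuer:
            return None
        if "exp" in claims and claims["exp"] < (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None
```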