The problem with WordPress rest API is that there's no official robust and simple mechanism to authenticate rest API. Different plugins add their own implementation to authenticate their own API, which are incompatible with each other.
For example we can't authenticate wordpress rest API with woocommerce client keys/secret pair. But there're some functionality which woocommerce depends on wordpress API for eg. Media upload is only possible with WordPress rest API.

This is the problem that there's no universal standardized mechanism opted by WordPress and authentication left to plugin developer completely.

If there exists configurable JWT authentication in wordpress, woocommerce need not to build their own mechanism to authenticate and other plugin would also follow the standardized wordpress rest API approach.

In my opinion, there should be a rest api page under setting to enable and disable list of rest API endpoint separately by plugin. This list of endpoints can be added by a plugin which has option to choose the authentication mechanism of predefined choice.

I hope wordpress would focus on this topic extensively and make the step in right direction.