@MetalSamurai OAuth isn't the right protocol for this, or at least not the only thing that's needed. More like OpenID Connect. That may not be entirely right either, though.

I realize this is not "as-is" discussion, but potential "to-be"'s.