This authenticator should be similar to JaasAuthenticator but should be able to participate in an OAuth2 SSO.

The JVM agent should contain extra options to enable this.