Control access to Ignition resources using an existing token service API

I would like to protect access to Ignition resources (gateway resources, project resources such as windows or tags). Here is what I am envisioning to implement:

  1. Ignition requests an access token from a token service API by passing the user’s SLID used to log in to his/her computer
  2. The token service API responds by providing the requested token, which has information such as role name, token expiration time, etc.
  3. Ignition then decodes the token and provides appropriate access based on predefined access policies that correspond to the roles

How can I implement this? Is there anyone who has attempted to implement this before?
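
The three steps above, sketched as an added example that is not part of the original post and not Ignition's own code. It assumes the token service issues a JWT-style token signed with HS256 and a shared key, with `role` and `exp` claims; the post does not state the token format, and the policy names are hypothetical. It is plain Python 3 and shows step 3 checking the signature and expiry before the role claim is trusted.

```python
import base64, hashlib, hmac, json, time

# Hypothetical role-to-resource policy; names are assumptions, not Ignition APIs.
POLICY = {"operator": {"window:Overview"},
          "engineer": {"window:Overview", "tag:Setpoints"}}

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(claims, key):
    """Build a constructed HS256 token, standing in for the token service."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(key, (head + "." + body).encode(), hashlib.sha256).digest()
    return head + "." + body + "." + b64e(mac)

def verify(token, key, now=None):
    """Return the claims only if the signature and expiry check out."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(b64d(head)), b64d(sig)
    except (ValueError, TypeError):
        raise ValueError("malformed token")
    # Pin the algorithm on the verifier side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, (head + "." + body).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def is_allowed(token, key, resource, now=None):
    """Deny by default: a failed verification or unknown role means no access."""
    try:
        role = verify(token, key, now).get("role")
    except ValueError:
        return False
    return resource in POLICY.get(role, set())
```
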