That's my plan actually. The plugin hooks into the password flow, sends a challenge token and, expects the signed message back, and authorizes the connection. A talk with AI gave me the configuration code and steps, I just need to do it on a VM and see if it works.