Usage of custom OAuth Server

The Glue REST API can be secured using oauth. As far as i can see, there is a oauth server implementation in spryker. Afaik the general way is

Glue Consumer -> Request Auth Rest API -> use Spryker OAuth client -> Request to the Zed Gateway -> Make facade call to validateToken -> create League OAuth server -> make validation magic

But we have an own OAuth server and can not find a suitable way to use this one.

We found the AccessTokenValidatorInterface to hook in but these are existing on two places: In business layer and in client layer.
The simples way may be to implement the AccessTokenValidatorInterface in Client layer. Inject some (League?) oauth2 client (instead of creating a ressource server) and call the external oauth2 server to validate the jwt token.
But this seems dirty because it directly calls some external ressource without involving zed business logic.
If we go the usual way with a client to connect finally to the spryker facade, it seems not possible at all because with every facade entry point you seem to be directly in the league oauth2 server context.

Maybe we missed something and just somewhere the oauth endpoint has to be configured to use our own server.

What is the usual way to connect to a custom oauth server? Have we to write a custom client? Custom module?

I would be very grateful if we can get some hints for this.

Best regards