Tbh I didn't really consider this approach as I didn't think it was possible (that's if it is). Also I'm not so comfortable with hijacking authentication session. I very much prefer making the user actually grant permissions to the required scopes and making it clear what the access is used for.