Kong plugin to integrate with custom authentication service and issue oauth access token

I am trying to implement Kong API Gateway with client_credentails flow. I have a custom auth service that takes care of authentication of clients.

When the client tries to authenticate by presenting the client Id and secret(Basic Auth) in the auth request, I want to route the request to custom authentication service. We have the client information saved in our database and is segregated to different realms(user groups). Implemented an auth-service that validates the client credentials based on the realm and generates a JWT response. JWT has sensitive information so cannot be shared with the client. This auth-service has multiple versions, so we need to route the request to different auth-service endpoints based on the realm(sent in the query parameter) and a custom header.

Once the auth-service returns a JWT response, Kong should be able to generate an oauth token and save the associated JWT in cache. This OAuth token will be shared with the client. When client presents this token in the Authorization header, API Gateway should be able to validate the token and get the JWT that was saved before and inject into to the backend request.

Does Kong support any plugin for this set up? Or if anyone has done this, can you please share the related github links.